Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Authentication/Security in IIS5 1

Status
Not open for further replies.
JayBuys

JayBuys

Programmer
Jun 18, 2001
17
0
0
US
I'm running a website in IIS5 on a server that is outside of our NT domain. I'd like to password protect certain folders so that only certain people can access them. What is the best way to do this? I'm really not too familiar this type of thing so any information would be helpful.
Thanks
 
Sort by date Sort by votes
Set up new Win2K user accounts, then go to IIS, right-click the directory you want to protect and select properties. Under the Directory Security tab, edit the anonymous access section and turn off anonymous access. Now, in the Security properties for the actual folders (using Windows Explorer), remove all access for users other than those you have just chosen.

Users who visit the affected URL's will be presented with a login dialog box.
 
Upvote 0 Downvote
That works fine for people on the internal Intranet but will it work for people on the outside from the Internet? And if so, how will the passwords be sent? Will they be encrypted? I was under the impression that Windows Authentication wouldn't work from the internet unless you enabled Basic Authentication which sent the passwords as plain text.. not something I want to do. I'm probably going to set up SSL so I can have secure connections
 
Upvote 0 Downvote
Yep, you're right - they only work if sent in plain text. Either use SSL or write a database-driven password script and include it in each protected file (obviously will not work for image/object files but will be fine for asp and others).
 
Upvote 0 Downvote
I have exactly the opposite problem with implementing NT permissions security. I set permissions on individual asp pages and my users who access the page from the internet are presented with a logon and can logon and use the page without any problem. However, the intranet users can not. I can't even access the page myself over the intranet. Explorer just presents me with an "access denied" message. My IIS server is in the dmz. We are using a proxy server for outgoing requests, and I have read that the proxy will prevent us from using NT security, but I also set explorer to bypass the proxy and it still wont work.

any ideas how I might be able to get my nt logon through the intranet?

thanks
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Question
Problem with PDFs in IIS
Replies
1
Views
244
gbaughma
gbaughma
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
119
Aquiles Vidal
Aquiles Vidal
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
93
mangentle
mangentle
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
100
antonio_dsanchez
antonio_dsanchez
goombawaho
  • Locked
  • Question
Server 2012 Essenitals Installation Media
Replies
1
Views
61
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top