Re: Basic directory security question

From: Mike (
Date: 05/17/02

From: "Mike" <>
Date: Fri, 17 May 2002 10:58:04 -0700

Thank you... Will the Integrated Windows Authentication allow internet users
to pass a user name and password for an account local to the server (with
permissions to the directory)? And will it NOT be in clear text? Thanks...

"x y" <> wrote in message
> will answer this and other questions.
> You use both. You use NTFS permissions on the directory containing your
> content to grant read-only access to the necessary users [and if security is
> a big issue for you, you may need to also remove IUSR_ and maybe IWAM from
> having rights to that folder]. Also, in the IIS MMC, on the security tab,
> you disable anonymous authentication and enable basic authentication [if
> users are going through a firewall or are not using internet explorer or
> not using windows] or windows integrated authentication [usually if the
> users are inside a company network]. Note that with basic authentication,
> the passwords are passed on the internet in plain text, which makes them
> theoretically vulnerable to a hacker running a sniffer program. However, if
> this is a small, low security site, this might not be such a big risk.
> If this bothers you, use an SSL certificate to set up HTTPS: [
> explains how] or use OpenSSH [free] or VPN if you have
> VPN capabilities. Reliable SSL certificates generally start around $120 a
> year from You can find and install test
> certificates that will work, but the user will get a popup message
> that there is a problem with the web site certificate when they visit your
> site. has test certificates, and
> has a makecert utility that will let you make your own cert.
> "Mike" <> wrote in message
> news:OZoMuiT$BHA.1144@tkmsftngp02...
> > I have to create a site on a public web server that will allow read
> > to a group of users based on a user account on the domain the web server is
> > a member of (no anonymous access). How might I set up directory to
> > accomplish this? Or, would I somehow use NTFS security? Any suggestions
> > appreciated!
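
An added example, not part of the original thread: a short Python audit of the point made in the quoted reply, that Basic authentication only base64-encodes the user name and password, so they are readable on the wire unless the request travels over HTTPS. The host name, account, password and requests are constructed sample data, and `audit_request` is a hypothetical helper name.

```python
import base64

def basic_header(user, password):
    """Build an Authorization header the way a client does for Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Authorization: Basic {token}"

# Constructed sample requests as (transport, raw request); not captured traffic.
REQ = "GET /reports/ HTTP/1.1\r\nHost: www.example.test\r\n"
SAMPLE_REQUESTS = [
    ("http", REQ + basic_header("mike", "S3cret!") + "\r\n\r\n"),
    ("https", REQ + basic_header("mike", "S3cret!") + "\r\n\r\n"),
    ("http", REQ + "Authorization: NTLM TlRMTVNTUAABAAAA\r\n\r\n"),
    ("http", REQ + "\r\n"),
]

def audit_request(transport, raw_request):
    """Return a finding for the Authorization header, or None if there is none."""
    for line in raw_request.split("\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        finding = {"scheme": scheme, "transport": transport,
                   "user": None, "cleartext_basic": False}
        if scheme.lower() == "basic":
            try:
                decoded = base64.b64decode(token.strip(), validate=True)
            except ValueError:
                finding["scheme"] = "Basic (malformed)"
                return finding
            # Decoding needs no key: base64 is an encoding, not encryption.
            user, _, _password = decoded.decode("utf-8", "replace").partition(":")
            finding["user"] = user                   # the password is not kept
            finding["cleartext_basic"] = transport != "https"
        # Other schemes are reported by name only and are not decoded here.
        return finding
    return None

if __name__ == "__main__":
    for transport, raw in SAMPLE_REQUESTS:
        print(transport, audit_request(transport, raw))
```
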
