Re: NTFS Permissions

From: Brian Boynton (bboynton3@hotmail.com)
Date: 05/30/02 

From: "Brian Boynton" <bboynton3@hotmail.com>
Date: Thu, 30 May 2002 13:02:20 -0400

 Hello,
 I have a basic question about permissions for an Intranet page I'm setting
 up.

 The intranet page we're setting up will have links to various department
 pages. For the sake of an example, let's say I want to restrict access to
 the EXEC page to the EXEC group. The easiest way to go about this would be
 to use the NTFS Security Tab on the Folder itself. The EXEC group now has
 Read/Write permissions to that folder within Inetpub
 (c:\inetpub\intranet_site\Exec).

 All of this time I've enabled the anonymous user login usage for the
 Intranet Virtual Directory. However, if I use Windows Integrated
 Authentication, I get a three-line login prompt, when trying to gain
access,
 which no EXECUTIVE, after using their login, password, and domain
 specification as instructed, can get past. (the dialog prompt just repeats
 three times and I get the unauthorized page message)

 If I apply DOMAIN USERS to the NTFS permissions for the EXEC folder, THEN
 EVERYONE can get in. So at least I can get access to the page, but now
 EVERYONE has access.

 If I go back to the Virtual Directory Security and use Basic Authentication
 (specifying the domain after typing EDIT) instead of Windows Integrated
 Authentication, then I only get a two line prompt, logically, and the
 EXECUTIVE can log in with just their username and password.

 What the hell is going in with this Windows Integrated authentication?

 Other things I've noticed with Windows Integrated authentication...is if
 You're logged into the domain ALREADY, and a 3-line dialog box pops up, it
 never works. But if you're logged into a workstation machine as a LOCAL
 USER, and the 3-line security login-pops up...you can log in.

 I experimented with the Anonymous User I'm using (which is a domain
 Anonymous user), making it a member of the EXEC group, etc. That doesn't
 work.

 Any feedback would be greatly appreciated.

 At this point I'm happy with the Basic Authentication, but I'd prefer a
 functioning transparent login for users. (plus something that's a little
 more secure, even though this is an intranet page)
 Thanks,

 Brian

Relevant Pages

  • Re: NTFS Permissions
    ... | If I go back to the Virtual Directory Security and use Basic ... | What the hell is going in with this Windows Integrated authentication? ... | Anonymous user), making it a member of the EXEC group, etc. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Urgent - need help with logging anonymous and Active Dir users without login form
    ... networks behind the same firewall. ... automatically logged in to our intranet in. ... forms authentication for everything. ... the user back to the page the access which initiated the login request. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Constant Password Authentication
    ... domain and server name in the URL. ... confirm that the same authentication methods are checkmarked as compared to ... Within our organisation there are staff who are ... > Up until recently a company that has had access to our intranet had been ...
    (microsoft.public.inetserver.iis.security)
  • RE: Windows authentication from ASP.NET to SQL Server
    ... The easiest way is to turn off anonymous access for the Intranet site. ... will force authentication, usually through a login box (although the network ... > intranet server and our database server, both of which are on our local ... > Successful Network Logon: ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: User Identity
    ... If you want certain parts of the site to be only for intranet users, ... >>Integrated Authentication. ... >>Kevin Spencer ... >>>>> the server.Is it anonymous access by default on the ...
    (microsoft.public.dotnet.framework.aspnet)