RE: Password Protect Intranet Pages

From: IT Community (it-community@microsoft.com)
Date: 06/02/02


From: it-community@microsoft.com (IT Community)
Date: Sun, 02 Jun 2002 13:53:37 GMT


Using the IIS console, one can restrict access at various levels, i.e. site,
folder/directory, or file/page level. For example, in the IIS console,
right-clicking a directory or a page, going to Properties/Directory Security,
and disabling Anonymous Access and enabling other authentication methods as
appropriate will make the resource restricted and require authentication
for access. The access control will be defined at the NTFS level.

The following is an outline of the process. The section
Administration/Server Administration/Security/Access Control in the IIS Help
file has a flowchart with details.

1. The client requests a resource on the server.
2. The server, if configured to require it, will request authentication
information from the client. The browser may either prompt the user for a
user name and password, or offer this information automatically.
3. IIS checks if the user has a valid Windows user account. If the user
does not, then the request fails, and the user gets a "403 Access
Forbidden" message.
4. IIS checks if the user has Web permissions for the requested resource.
If the user does not, then the request fails, and the user gets a "403
Access Forbidden" message.
5. Any third-party security modules added by the Web site administrator are
used here.
6. IIS checks the NTFS permissions for the resource. If the user does not
have NTFS permissions for the resource, then the request fails, and the
user gets a "401 Access Denied" message.
7. If the user has NTFS permission, then the request is fulfilled.

This posting is provided “AS IS” with no warranties, and confers no rights.
You assume all risk for your use. © 2002 Microsoft Corporation. All rights
reserved.

Cumulative Patch for Internet Information Services (Q319733) released
04/10/2002
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp

--------------------
| From: "Cecily" <cwillerton@techtelcom.com>
| Subject: Password Protect Intranet Pages
| Date: Wed, 29 May 2002 09:10:15 -0700
| Newsgroups: microsoft.public.inetserver.iis.security
|
| I have an intranet application hosted on IIS in a Windows
| 2000 server. I need to provide restricted access to
| various portions of the site based on the user's
| username/password. I do not want the users to have a
| separate username/password for the site, but to use
| his/her existing Windows 2000 username/password for access.
| Is there a way to capture the Windows NT username/password
| and provide site access based on this?
|
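
A check one could run after disabling Anonymous Access as described in the reply above (an added example, not part of the original posts): it inspects the response a server gives to a request sent without credentials and reports whether the resource is still open and which authentication schemes are offered. The function names and the sample responses are constructed for illustration; Negotiate and NTLM are the schemes IIS advertises for Integrated Windows authentication.

```python
# Constructed sample responses to a request sent WITHOUT credentials.
PROTECTED = ("HTTP/1.1 401 Access Denied\r\nServer: Microsoft-IIS/5.0\r\n"
             "WWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\n\r\n")
BASIC_ONLY = 'HTTP/1.1 401 Access Denied\r\nWWW-Authenticate: Basic realm="intranet"\r\n\r\n'
OPEN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"

def parse_response(raw):
    """Return (status code, [(lowercased header name, value), ...])."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def offered_schemes(headers):
    """Authentication schemes named in WWW-Authenticate headers, in order."""
    return [v.split(" ", 1)[0].lower()
            for n, v in headers if n == "www-authenticate" and v]

def audit(raw, over_tls):
    """Findings for one unauthenticated response; an empty list means no finding."""
    status, headers = parse_response(raw)
    schemes = offered_schemes(headers)
    findings = []
    if 200 <= status < 300:
        findings.append("anonymous access still allowed")
    elif status == 401 and not schemes:
        findings.append("401 without WWW-Authenticate: no method enabled")
    elif status == 401 and not {"negotiate", "ntlm"} & set(schemes):
        findings.append("no integrated Windows scheme offered")
    if "basic" in schemes and not over_tls:
        findings.append("Basic offered over plain HTTP: password is only base64-encoded")
    return findings

if __name__ == "__main__":
    for label, raw in [("protected", PROTECTED), ("basic only", BASIC_ONLY), ("open", OPEN)]:
        print(label, audit(raw, over_tls=False) or "ok")
```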


