IIS 6 Integrated Security....risks??
- From: "Roberto López" <rlopez@xxxxxxxxxxxxxxxx>
- Date: Tue, 27 Nov 2007 18:06:04 +0100
Hello from Spain,
I have a web server running under IIS 6 on Windows 2003 Standar Edition,
domain controller.
I have 2 "sites" (web pages really, not IIS 6 Web Sites) running on it on
the same port (80).
The first one is plain HTML site, and I have Anonymous access security
applied to it. Works fine.
The second is an ASP.NET application, and I have Integrated Windows Security
applied to it. I have defined a ApplicationPool to this asp.net application
to run under an especific domain user account. Works fine too. When a user
connects to this application, the web explorer ask for user credentials.
My dude is: Is secure enought this configuration to my asp.net application
??
The server is running on Internet and Intranet at the same time. Some users
connects locally (from the LAN) and others connects over Internet to the
asp.net application sending their credentials.
As far as I know the credentials are sent encrypted??, but the pages
themselves are not encrypted, to do this i nedd an SSL connection?
Thanks a lot.
--
----------------------------------------------------------------------------
---
Roberto López
----------------------------------------------------------------------------
---
.
- Follow-Ups:
- Re: IIS 6 Integrated Security....risks??
- From: David Wang
- Re: IIS 6 Integrated Security....risks??
- Prev by Date: Re: IIS requiring authentication
- Next by Date: Re: Kerberos
- Previous by thread: RE: HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource
- Next by thread: Re: IIS 6 Integrated Security....risks??
- Index(es):
Relevant Pages
|
