Re: Basic authentication using IISPassword software

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 04/19/05 

Date: Tue, 19 Apr 2005 07:33:58 -0700

You do realize that you have not said what it is that you expect
the application of cited link to accomplish for you, right?

Because of this I for one cannot directly respond to your question.
And no, it is not obvious what you want to accomplish with it.

For example, since apparently this would be used to avoid the
configuring of NTFS access controls on content areas, I would
assume that you would end up with multiple different webs all
being configured the same with NTFS permissions. If that is so,
and I have one of those webs, and I am allowed to author content,
and you have not restricted my web to only html, then I am going
to write a page that uses the filesystem object and lets me navigate
freely around in those other webs. Even though browsing to my
web will be under the control of this app, and even though browse
to/within those other web would require other "credentials" under
the control of this app, which same "credentials" I do not know,
my authored page will not be stopped as you have nullified the
force of the systems use of accounts in NTFS permission control. 

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Keping" <kchen@laurel.ocs.mq.edu.au> wrote in message
news:bef187d9.0504190423.7a96a8ac@posting.google.com...
> Dear All,
>
> By searching the net, it is not difficult to locate some discussion on
> the basic auth on Apache and Windows Server 2003 - for example,
> http://www.scit.wlv.ac.uk/~jphb/sst/basics/password.html
>
> For some basic authentication tasks on Windows Server 2003, I feel the
> IISPassword program from http://www.troxo.com/ offers a simple
> solution and is very attractive. What do you think? Have you come
> across any other ways without a need to create domain users and set up
> permissions?
>
> Your comments are appreciated.
>
> Keping
Loading