Forum Home
Press F1
 
Thread ID: 30751 2003-03-02 02:40:00 IIS restricted web access via username/password Mike (15) Press F1
Post ID Timestamp Content User
124931 2003-03-02 02:40:00 I've got IIS running on my XP Pro system, and I want to give access to it to certain people, but not to everybody, so want to give usernames and passwords to those people. At the moment if anybody tries to access my server they are presented with a login box, but the only thing that will get them through is by them entering "administrator" and my admin password (and so I don't want to do this).
How do I set IIS to use usernames and passwords, and how do I set them?

Mike. 		Mike (15)
124932 2003-03-03 05:06:00 anybody? :(

Mike. 		Mike (15)
124933 2003-03-03 06:28:00 I really do not see how IIS permissions work. I've tried them and they just all seem rather inconsistent.

Perhaps you could try to allow full access then have a .htaccess file (or what ever it is) to give people passwords. 		-=JM=- (16)
124934 2003-03-03 20:55:00 In terms of access what do you mean?
Do you mean access the setup of IIS (ie open the IIS console) or access to the server to view web pages?

You will struggle to enable anyone but administrator members to open the IIS console because it is a system process.
If all you want to do is lock a paticular web app for access by only a select bunch of people open the IIS console, right click on the web app and select all tasks -> permissions wizard

Select to define new permissions and decide what encryption to use. Be aware that Basic encryption is no good in practice because Windows logins and passwords are transferred in clear text across the network. 		paintbuoy (3087)
124935 2003-03-04 06:55:00 > In terms of access what do you mean?
> Do you mean access the setup of IIS (ie open the IIS
> console) or access to the server to view web pages?

Access web pages just as we've accessed PressF1 here. I have webpages running on my IIS and I want selected people to be able to browse them (through the internet, not a LAN), but I can't find how to allow them access etc. But as I only want certain people to access the pages, I don't want to remove the security altogether, so I want the login screen that appears to remain, but I want to allow those people logins to access the pages.

I have a feeling that if I add more users to XP they could use those names/passwords to access, but this really isn't practical.

Mike. 		Mike (15)
124936 2003-03-04 20:37:00 Oh right'o I know what you mean know.

Defining application security through applying security permissions relies on the Windows 2000 authentication system. In order to restrict access this way you would need to setup a user account for each user or setup a single internet_user account that they all share.

If you find the idea of allowing system access to these users (I do) your only real option is to build an active server page (asp, php, cgi) that takes user names and passwords and validates them against a database (such as mySQL or SQL Server). This can take a while to code and be a pain to maintain.

Another solution would be to dump IIS in favour of Apache or Tomcat. Both these open source webservers allow the creation of user databases (both relational and XML) to minimise access to certain web resources.
Checkout httpd.apache.org and http:

Apache is just as good (even better??) than IIS in terms of speed and security. Tomcat is Java based and allows the creation of servlets and jsp's.

I hope this is in some way handy. 		paintbuoy (3087)
124937 2003-03-05 00:45:00 I know nothing. But. It looks as if you have set it up so that the server is being accessed through the control console, not as the HTTP server which the console controls. :D

Why not have it so that people from anywhere can access a home page which contains something totally innocuous, with links to areas you want to give limited access to, which are protected by .htaccess files. Using the links should initiate the access checking. 		Graham L (2)
1