I have a virtual directory setup on my server. The main website is public on port 80 but I have a /subfolder virtual directory that I want to ask for a username and password (not a ASP page, standard username password prompt).
Any ideas?
You can set the permissions on each directory separately, so you can leave the main site open to everyone (allow anonymous access), but then restrict the subdirectory (turn off anonymous access and turn on something else, such as basic authentication--just be aware of the security implications if you use basic authentication over HTTP instead of HTTPS). Select the directory and then click on the Authentication option to change these settings.
See also http://technet.microsoft.com/en-us/library/cc733010%28WS.10%29.aspx for more info on the pros and cons of various authentication options and the things you should consider.
Related
I'm working on a web portal where a user is authenticated by LDAP through a perl CGI form. The authentication process uses the Net::LDAPS module. When logged in, the system keeps the user's authenticated status and creates a CGI cookie and the user can perform various actions through the portal, mostly interactions with a database, until the user logs out.
On the same server there's a directory with some files. I want a user to be able to log in to the web portal and then browse the file directory and be able to download those files.
The simplest way I can think of is placing an htaccess file with "Options +Indexes" and ldap authentication into the directory, but that would require another login that's not linked with the web portal.
Is there a way to link the web portal cgi-based ldap authentication to htaccess file?
You mention that the user can log out and then no longer use the portal. But there is no portable way for logging out a user with basic authentication. They will be able to continue browsing the directories.
Instead of your CGI script that authenticates the user, you can simply configure LDAP authentication for both the data directories and the portal. Ugly, but it would work.
The better and cleaner option for you will be to provide access to the data directories not directly but through the portal only. If you use Apache's path info feature (https://httpd.apache.org/docs/2.4/de/mod/core.html#acceptpathinfo) you don't even have to bother about checking the path for malicious "../../.." constructs and the URIs will look very natural to your users.
In IIS 7, how do you configure folder access for basic authentication against domain?
I've done the following:
Enabled Authentication - Basic Mode.
This seems to work for regular folders, but once I convert the folder to an Application in IIS, users get rejected unless I add them specifically to the Security item in Windows. Do I need to do this for every single user?
What if I need all members of domain to access a given url?
i having a problem when i tried to use a domain user as a specified user name in basic settings-> connect as. I want to access a shared folder that located in another server.
The web server always says if the username or password isn't correct and always throw 500.19 error when I started to browse the application.
Error Capture
However when I explore the app from IIS, it can be opened. I even tried a remote login to the server using the same username and password and it's just fine.
Image 2
The server I am using for running the web server is a Workgroup computer and in a DMZ. Is that a reason why IIS can't authecticate domain user?
Sorry for my terrible english here, because i'm in panic situation right now. I hope you can understand what i'm asking about and hope somebody has an answer. Thanks
You're right, if your computer is not joined to the Active Directory domain, you won't be able to authenticate using a Domain account.
Should the site be publicly accessible? If so, you would want to set your authentication to Anonymous and then configure the authentication settings to authenticate either as a built in user (NETWORK SERVICE, AppPoolIdentity) or a local machine user created specifically for the application.
A developer posts their code from a staging site (which requires authentication) to the live public site (which should not) and suddenly the live site is requiring authentication (which is not good).
They don't have permissions to change any settings on the server(s) and there is no call from the code on the live site to anything on the staging site, that I can locate. (No forgotten calls to an image on the staging site or anything)
Can the group think of some file that might have been removed/changed that could cause this to happen? I checked this question as well - [HTTP Authentication in ASP Classic via IIS] - but none of those methods are being used.
App is Classic ASP, IIS6.0 server.
Security Settings - Anonymous Access permitted on the live site. Account for anonymous internet users allowed read access to the directory where the site is located - user is unable to change directory or site permissions on the server.
Thanks!
Did the files retain their security permissions from the folder they were copied from? Reset the permissions on the files.
Are you using a four-part URL to get to the site (http://www.somesite.com/)? That will default to the Internet zone and not intranet, prompting for authentication.
User will get challenged when Anonymous Access is turned off in IIS. What are the security settings? Without that information, we will not be able to help much.
When I setup IIS6 to develop projects locally I have to enable "Integrated Windows Authentication" under directory security in order for my CSS & Images to show up. (Note: I have double checked that network service has rights to all directories in my web application)
However this often causes my browser to prompt me for windows login username and password when I am running the application.
Is there anyway to get around entering a windows login password all the time ?
(I am using windows xp pro 64bit)
Maybe it is some problem with the kerberos authentication to your web site. Just disable it on your site. from the c:\Inetpub\AdminScripts directory run this command.
cscript adsutil.vbs set w3svc/WebSite/root/NTAuthenticationProviders "NTLM"
Or change the authentication to anonymous. And make sure that the user in the directory security tab (IUSR_computername) has access to said directories. It is not the application pool user who access files and other resources.
Well it certainly is not as it's supposed to be!
You say you've double checked that Network Service has access to the directories. But with anonymous access, the account that needs access is the IUSR_[machinename] account. The account is specified under the Directory Security tab.
If all else fails, for local development you might as well grant everyone access to the directories.