RE: IIS protection

From: WenJun Zhang[msft] (v-wzhang_at_online.microsoft.com)
Date: 04/07/04


Date: Wed, 07 Apr 2004 05:08:50 GMT

In this case, the authorized users are coming from dynamic IPs, so IP
protection isn't fully helpful: you must allow the whole IP scope of
DHCP to prevent any authorized ones from being denied.

"Is there another way to protect the server or allow individual user
to access the site?"
Sure, to achieve this, enabling user authentication is necessary:

1) First, grant these authorized domain user accounts Read NTFS
permission on the site's physical directory. If they don't have
domain accounts or your server is a stand-alone workstation, create
accounts for these users in Computer Management and provide them with
the username and password. Refer to the following article to set NTFS
permissions.

HOW TO: Use NTFS Security to Protect a Web Page Running on IIS 4.0 or
5.0
http://support.microsoft.com/default.aspx?scid=kb;EN-US;299970

2) Disable anonymous access in the site's Directory Security tab and
enable either Basic authentication or Integrated Windows auth:

(For Basic auth, users must have 'Log on locally' permission:)
IIS: How to Configure Basic/Clear Text Authentication for IIS 5.0 in
Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;262233

Here is an overview of IIS user authentication methods:
HOW TO: Configure Internet Information Services Web Authentication in
Windows 2000
http://support.microsoft.com/?id=308160

If anything is unclear, please feel free to let me know.

Best regards,

WenJun Zhang
Microsoft Online Support
This posting is provided "AS IS" with no warranties, and confers no
rights.
Get Secure! - www.microsoft.com/security
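
A client-side check that step 2 above took effect, as an added example that is not part of the original post or of Microsoft's articles: it classifies the server's reply to a request sent without credentials. The function names and sample responses are constructed for illustration; `Negotiate` and `NTLM` are the challenges a server sends when Integrated Windows authentication is enabled.

```python
import urllib.error
import urllib.request


def classify(status, challenges, is_https):
    """Judge the reply to a request sent WITHOUT credentials."""
    # Each WWW-Authenticate value starts with the scheme name, e.g. 'Basic realm="x"'.
    schemes = sorted({c.split(None, 1)[0].lower() for c in challenges if c.strip()})
    findings = []
    if status < 400:
        findings.append("content served without credentials: anonymous access is still enabled")
    elif status != 401:
        findings.append(f"status {status} is not an authentication challenge")
    elif not schemes:
        findings.append("401 without WWW-Authenticate: no authentication method is enabled")
    if "basic" in schemes and not is_https:
        findings.append("Basic offered over plain HTTP: the password crosses the network in clear text")
    return {"anonymous_blocked": status == 401, "schemes": schemes, "findings": findings}


def probe(url):
    """Fetch url anonymously and classify the server's answer (needs network access)."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            status, headers = resp.status, resp.headers
    except urllib.error.HTTPError as err:  # 401 and other error statuses arrive here
        status, headers = err.code, err.headers
    challenges = headers.get_all("WWW-Authenticate") or []
    return classify(status, challenges, url.lower().startswith("https://"))


# Constructed sample responses: (status, WWW-Authenticate values, served over HTTPS?)
SAMPLES = {
    "integrated only": (401, ["Negotiate", "NTLM"], False),
    "basic over http": (401, ['Basic realm="intranet.example"'], False),
    "anonymous still on": (200, [], False),
}

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        print(name, classify(*args))
```

Run `probe()` against your own site from a machine that is not logged on with an authorized account; an empty `findings` list with `anonymous_blocked` set means the site demands credentials as intended.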


