|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Basic Authentication for only one special userHi,
I have a Win2003 Server with IIS 6 in an intranet environment and i want to use basic authentication (that works fine) and only one special local user to be able to log in. can anybody describe me how to do that? Thanks a lot Gerhard Basic authentication will by the IIS default - authenticate you against a
local user store or domain store. THe only way to do what you want is to control access via NTFS permissions on the file system. Removing rights for users who you do not want to have access. Remember that DENY rights DENY a user even if explicit ALLOW rights exist. You could also look at a product call IIS Password... IIS password protection of files and folders has always been dificult. IISPassword brings the ease and power of Apache's htaccess to Microsoft IIS. No longer is there a need for system user accounts and complex access permissions for maintaining a secure, password protected web site. IISPassword uses Basic HTTP Authentication for password protecting web sites on IIS, just like htaccess works on Apache. That makes your password protected Apache web site compatible with IIS, and vice versa. A powerful and intuitive interface makes it possible to password protect a web site in just moments. More advanced settings provide options such as user group management and protection of certain file types. This is a free product and is very nicely implemented and probably will do exacly what you need. http://www.troxo.com/products/iispassword/ "Gerhard Rauter" <gerhard.rau***@swisscom.com> wrote in message news:1152196218.912130@ftpgate...Show quoteHide quote > Hi, > > I have a Win2003 Server with IIS 6 in an intranet environment and i want > to > use basic authentication (that works fine) and only one special local user > to be able to log in. > > can anybody describe me how to do that? > > Thanks a lot > > Gerhard > > Hi,
Chris is correct. Authentication is the process of identifying the user. What you want to do is deny the user access to things based on their identity: that is authorization. So, there are two ways to do this: a) if you just want to prevent access to files, use NTFS permissions. Give that one user access to the files, and deny access to other users b) if you want to prevent the ability to actually "logon", then you can change the local security policy of the server (Start -> Run -> Secpol.msc) and change which accounts are allowed to logon to the server. Cheers Ken "Gerhard Rauter" <gerhard.rau***@swisscom.com> wrote in message news:1152196218.912130@ftpgate...Show quoteHide quote > Hi, > > I have a Win2003 Server with IIS 6 in an intranet environment and i want > to > use basic authentication (that works fine) and only one special local user > to be able to log in. > > can anybody describe me how to do that? > > Thanks a lot > > Gerhard > > 
Other interesting topics
IIS passing server credentials rather than user credentials
Security templates and IUSR account log on locally IE does not offer to open item downloaded via https Can i make personal ssl cert from verisign's one? Filtering Query String SelfSSL and multiple sites in IIS6? how can I stop attempted logons by hackers through IIS? Deleted certificate request IIS logs show domain laptop logging into WEBDAV monitor access to docs on IIS |
|||||||||||||||||||||||
