Securing virtual directories

28 May 2009 7:39 PM

jay

I am using IIS 6 trying to prevent a user group from being able to access the
virtual directories. I have prevented the group from accessing files on the
IIS server by turning off anonymous authentication. however if the users in
the restricted group know the virtual directory name they can access the
files by typing in the virtual directory name.

I don't want the restricted group to be able to access the virtual
directories but I don't want the users that should have access have to enter
a username and password to access it. How can I do this?

31 May 2009 11:21 AM

David Wang

On May 28, 12:39 pm, jay <j***@discussions.microsoft.com> wrote:

> I am using IIS 6 trying to prevent a user group from being able to access the
> virtual directories. I have prevented the group from accessing files on the
> IIS server by turning off anonymous authentication. however if the users in
> the restricted group know the virtual directory name they can access the
> files by typing in the virtual directory name.
>
> I don't want the restricted group to be able to access the virtual
> directories but I don't want the users that should have access have to enter
> a username and password to access it. How can I do this?

Turn off anonymous authentication. Turn on any other authentication.
ACL the files/directories to the group of users that should have
access (or deny access to the group of users that should not have
access).

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//