Probably simple question but: I need to have a logon and password screen popup when a couple particular files are accessed on a website. I am using Server 2000 and IIS 5.

Here is the site and an example of how it should work, click on "client 1": http://www.hohneng.com/clientdata/clientdata.htm

Currently a third party program (Sambar Server) is enabling this functionality, but I'm phasing this program out.

I am a novice user and appreciate detailed instructions or reference materials.

Thanks in advance -- andrena ------------------------------------------------------------------------ andrena's Profile: http://www.highdots.com/forums/member.php?userid=417 View this thread: http://www.highdots.com/forums/showthread.php?t=1856752

Hi,

Since IIS will honor NTFS permissions you can configure it there. E.g. put
files in a folder and remove IUSR accounts and e.g. Everyone accounts from
there. Add "Authenticated Users" group to this folder and assign it Read
permissions (don't forget to have e.g. Administrator or some other group on
the folder with Full control).

With these settings we prevented Anonymous access and users will be prompted
to enter valid username and password (Authenticated Users...)...

On IIS you should disable Anonymous Access on this folder and e.g. enable
Basic Authentication. In this case also make sure you are using https to
prevent sniffing of password when users enter them.

Be careful with these settings since it can leave your web server quite
vulnerable (e.g. don't give Authenticated Users or IUSR accounts Write
permissions to the hard drive...)...

I hope this helps,

Show quoteHide quote

Redirecting http:// to https:/
How to disable SSL Security Alert in IE
Problem with IIS, Powerpoint and AVI-File
SSL Issue - Urgent
IIS 5 - Integrated Windows Authentication Issues
How to create a Client certificate
Certificate Question
Securing IIS 6
Exchange 2003 OWA and IIS over SSL
Http Error 401.1