|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
IIS and EFSHi,
We are planning to use either IIS 5.0 or 6.0 for some internal use. All of our users must go through a single sign on authentication first before they can use any one of the available services. I was wondering if we use EFS to encrypt the IIS root folder, when the end users coming to our site are they required by EFS to be authenticated? Based on a KB article, Q243756, that I read today it sounds like the user will be required to be authenticated first. If that’s the case is there any way that we can let the users coming to our site without being authenticated first, in the meantime being able to use EFS? Thanks FH Don't think is possible as my understand is that - becaues those files are
encrypted with user private keys. Hence, you need to authenticate first, or else IIS won't know which user's private key to use to retrieve the file. -- Show quoteHide quoteRegards, Bernard Cheah http://www.microsoft.com/iis/ http://www.iiswebcastseries.com/ http://www.msmvps.com/bernard/ "Ageen" <Ag***@discussions.microsoft.com> wrote in message news:CF3589D4-62BB-495F-AEBB-D857988D3857@microsoft.com... > Hi, > > We are planning to use either IIS 5.0 or 6.0 for some > internal use. All of our users must go through a > single sign on authentication first before they can > use any one of the available services. I was wondering > if we use EFS to encrypt the IIS root folder, when the > end users coming to our site are they required by EFS > to be authenticated? Based on a KB article, Q243756, > that I read today it sounds like the user will be > required to be authenticated first. If that’s the case > is there any way that we can let the users coming to > our site without being authenticated first, in the > meantime being able to use EFS? Thanks > > FH > > > Hi,
That is true. It won't work (at least not easily). Private keys of the user's would have to be on IIS server in user's profiles (yes, users would have to have profiles on IIS server for storing private keys) and the server would have to be Trusted for Kerberos Delegation etc... -- Show quoteHide quoteMike Microsoft MVP - Windows Security "Bernard Cheah [MVP]" <qbern***@hotmail.com.discuss> wrote in message news:%23eAIhOcjFHA.2852@TK2MSFTNGP15.phx.gbl... > Don't think is possible as my understand is that - becaues those files are > encrypted with user private keys. Hence, you need to authenticate first, > or else IIS won't know which user's private key to use to retrieve the > file. > > -- > Regards, > Bernard Cheah > http://www.microsoft.com/iis/ > http://www.iiswebcastseries.com/ > http://www.msmvps.com/bernard/ > > > "Ageen" <Ag***@discussions.microsoft.com> wrote in message > news:CF3589D4-62BB-495F-AEBB-D857988D3857@microsoft.com... >> Hi, >> >> We are planning to use either IIS 5.0 or 6.0 for some >> internal use. All of our users must go through a >> single sign on authentication first before they can >> use any one of the available services. I was wondering >> if we use EFS to encrypt the IIS root folder, when the >> end users coming to our site are they required by EFS >> to be authenticated? Based on a KB article, Q243756, >> that I read today it sounds like the user will be >> required to be authenticated first. If that’s the case >> is there any way that we can let the users coming to >> our site without being authenticated first, in the >> meantime being able to use EFS? Thanks >> >> FH >> >> >> > > 
Other interesting topics
Authentication is not wanted.
Integrated Authenticatoin - Default to the main domain IIS authentification with a ASP Application on a SAMBA host IIS6 NT Authentication fails Basic auth without dialog - no database secure ftp Why is login requesting domain for some users? 401.1 - Integrated Security Error when using VB application firewall suggestions? Running IIS MMC from workstation |
|||||||||||||||||||||||
