IIS 6 help..

[SinNisTeR]

Just recently I started playing with IIS again after a long break.. Is there a way to secure directories without setting up domain users and disabling anonymous access? I'd like to just write down a username/password in a file and secure it that way, much like .htpasswd/.htaccess. I tried using IISPassword, but it doesn't work with Frontpage Extensions..

Thanks!

 

[Markbnj]

Use the <location> element in the .config file to specify the access rights to a given folder. Basically a location specifies a folder in the application that has it's own set of configuration options, which participates in the .config inheritance scheme like any other configuration section. So you can do this...

<configuration>
<location path="SecureDir/">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
</configuration>

http://msdn2.microsoft.com/en-us/library/b6x6shw7.aspx

 

[drebo]

Alternatively, if you remove the IUSR account from the directly security, you will receive a login prompt when attempting to view that directory remotely. Any account with access to that directory will then be able to login and view it.

Personally, though, I use ColdFusion and have written a basic HTTP authentication script I can put in the application.cfm file that forces login in order to view any files in the directory.

 

[SinNisTeR]

I guess I should be more clear.. I know how to secure it using NTFS permissions and disabling Anonymous access.. I need to be able to say something like:

<deny "*" />
<allow user="blah" password"blah" />

I'm trying to avoid seting up domain users and all.. I just need a quick, simple method of allowing/blocking users.

Doing it in Tomcat with Java Servlets is extremely easy. =\

 

[SinNisTeR]

Ah, it was so simple, but I had issues finding an example yesterday.

Here is how to do it for those who are wondering how:
http://www.15seconds.com/issue/020220.htm