| Groups | Blog | Home |
iis security : Allowing only Authenticated Users to access the Web Page
contractors. The 10 contractors have emails addresses and exist in our domain. I would like to be able to restrict the contractors from accessing a internal webpage. I would easily be able to do this be adding them to a group and denying the group. I also want the 50 employees to be able to see the webpage. What is the correct Authentication Method to do this? I obviously want for the server to contact the DC to see if the user is allowed to seee the page and if so allow the user to view the page. Thanks alot.
[quoted text, click to view]
"Zack Schneeberger" <schneebie1@hotmail.com> wrote in message news:a2aa04c0.0409200818.75bab8b6@posting.google.com... >I am the network administrator for a company of 50 employees and 10 > contractors. The 10 contractors have emails addresses and exist in our > domain. > > I would like to be able to restrict the contractors from accessing a > internal webpage. I would easily be able to do this be adding them to > a group and denying the group. I also want the 50 employees to be able > to see the webpage. What is the correct Authentication Method to do > this? I obviously want for the server to contact the DC to see if the > user is allowed to seee the page and if so allow the user to view the > page. IIS 5 Documentation http://www.microsoft.com/windows2000/en/server/iis/ Microsoft Internet Information Server Administration Server Administration Security Authentication Access Control IIS 6 Documentation http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/standard/gs_authentication.asp HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000 http://support.microsoft.com/?id=310344 HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or Windows NT 4.0 http://support.microsoft.com/?id=325358 HOW TO: Configure IIS Web Site Authentication in Windows Server 2003 http://support.microsoft.com/default.aspx?scid=kb;en-us;324274 -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iisfaq.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS http://www.tryiis.com
Hi Zack,
What you could do is enable Integrated Windows Authentication and disable Anonymous Access. Next thing you need to do is edit NTFS permissions on website content (best to do it on the folder that holds your web data files). Create a group for the users that need access to this site. Give this group appropriate permissions (e.g. read). You will also want to grant less restrictive permissions to the administrator and webmaster. Now if you set this right your contractors should not see this site (they will be prompted for username and password, but should not be able to get to the content of the website). Note, that if your contractors are members of domain, you can't use Domain Users, Authenticated Users or Everyone groups for restrictions. They fall under security context of this groups. I hope this helps, Mike [quoted text, click to view] "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message news:a2aa04c0.0409200818.75bab8b6@posting.google.com... > I am the network administrator for a company of 50 employees and 10 > contractors. The 10 contractors have emails addresses and exist in our > domain. > > I would like to be able to restrict the contractors from accessing a > internal webpage. I would easily be able to do this be adding them to > a group and denying the group. I also want the 50 employees to be able > to see the webpage. What is the correct Authentication Method to do > this? I obviously want for the server to contact the DC to see if the > user is allowed to seee the page and if so allow the user to view the > page. > > Thanks alot. > > Zack
Thanks alot for everyone's help.
[quoted text, click to view] "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message news:<cin5v0$i6h16@kcweb01.netnews.att.com>...
> "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message > news:a2aa04c0.0409200818.75bab8b6@posting.google.com... > >I am the network administrator for a company of 50 employees and 10 > > contractors. The 10 contractors have emails addresses and exist in our > > domain. > > > > I would like to be able to restrict the contractors from accessing a > > internal webpage. I would easily be able to do this be adding them to > > a group and denying the group. I also want the 50 employees to be able > > to see the webpage. What is the correct Authentication Method to do > > this? I obviously want for the server to contact the DC to see if the > > user is allowed to seee the page and if so allow the user to view the > > page. > > IIS 5 Documentation > http://www.microsoft.com/windows2000/en/server/iis/ > Microsoft Internet Information Server > Administration > Server Administration > Security > Authentication > Access Control > > IIS 6 Documentation > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/standard/gs_authentication.asp > > HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000 > http://support.microsoft.com/?id=310344 > > HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or > Windows NT 4.0 > http://support.microsoft.com/?id=325358 > > HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
A new twist:
The page is suppose to be available over the internet for employees to log into at home. With "Integrated Windows Authentication" enabled, only Administrators are able to see the page over the internet. (After entering user name and password). How can I let our employees and only our employees see the webpage over the internet. Zack [quoted text, click to view] schneebie1@hotmail.com (Zack Schneeberger) wrote in message news:<a2aa04c0.0409211143.154842d1@posting.google.com>...
> Thanks alot for everyone's help. > > "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message news:<cin5v0$i6h16@kcweb01.netnews.att.com>... > > "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message > > news:a2aa04c0.0409200818.75bab8b6@posting.google.com... > > >I am the network administrator for a company of 50 employees and 10 > > > contractors. The 10 contractors have emails addresses and exist in our > > > domain. > > > > > > I would like to be able to restrict the contractors from accessing a > > > internal webpage. I would easily be able to do this be adding them to > > > a group and denying the group. I also want the 50 employees to be able > > > to see the webpage. What is the correct Authentication Method to do > > > this? I obviously want for the server to contact the DC to see if the > > > user is allowed to seee the page and if so allow the user to view the > > > page. > > > > IIS 5 Documentation > > http://www.microsoft.com/windows2000/en/server/iis/ > > Microsoft Internet Information Server > > Administration > > Server Administration > > Security > > Authentication > > Access Control > > > > IIS 6 Documentation > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/standard/gs_authentication.asp > > > > HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000 > > http://support.microsoft.com/?id=310344 > > > > HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or > > Windows NT 4.0 > > http://support.microsoft.com/?id=325358 > > > > HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
Anyone?
[quoted text, click to view] schneebie1@hotmail.com (Zack Schneeberger) wrote in message news:<a2aa04c0.0409231220.4027b78a@posting.google.com>...
> A new twist: > > The page is suppose to be available over the internet for employees to > log into at home. With "Integrated Windows Authentication" enabled, > only Administrators are able to see the page over the internet. (After > entering user name and password). > > How can I let our employees and only our employees see the webpage > over the internet. > > Zack > schneebie1@hotmail.com (Zack Schneeberger) wrote in message news:<a2aa04c0.0409211143.154842d1@posting.google.com>... > > Thanks alot for everyone's help. > > > > "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message news:<cin5v0$i6h16@kcweb01.netnews.att.com>... > > > "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message > > > news:a2aa04c0.0409200818.75bab8b6@posting.google.com... > > > >I am the network administrator for a company of 50 employees and 10 > > > > contractors. The 10 contractors have emails addresses and exist in our > > > > domain. > > > > > > > > I would like to be able to restrict the contractors from accessing a > > > > internal webpage. I would easily be able to do this be adding them to > > > > a group and denying the group. I also want the 50 employees to be able > > > > to see the webpage. What is the correct Authentication Method to do > > > > this? I obviously want for the server to contact the DC to see if the > > > > user is allowed to seee the page and if so allow the user to view the > > > > page. > > > > > > IIS 5 Documentation > > > http://www.microsoft.com/windows2000/en/server/iis/ > > > Microsoft Internet Information Server > > > Administration > > > Server Administration > > > Security > > > Authentication > > > Access Control > > > > > > IIS 6 Documentation > > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/standard/gs_authentication.asp > > > > > > HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000 > > > http://support.microsoft.com/?id=310344 > > > > > > HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or > > > Windows NT 4.0 > > > http://support.microsoft.com/?id=325358 > > > > > > HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
[quoted text, click to view]
"Zack Schneeberger" <schneebie1@hotmail.com> wrote in message news:a2aa04c0.0409231220.4027b78a@posting.google.com... >A new twist: > > The page is suppose to be available over the internet for employees to > log into at home. With "Integrated Windows Authentication" enabled, > only Administrators are able to see the page over the internet. (After > entering user name and password). > > How can I let our employees and only our employees see the webpage > over the internet. It basically works the same way - although Windows Intergated authentication is primarily intended for intranet and not internet use. What happens when non-admins try to access (specifically what message if any do they get)? -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iisfaq.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS http://www.tryiis.com
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |