|
Home > Archive > IIS Server Security > July 2004 > Setting Up IIS secure website
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Setting Up IIS secure website
|
|
|
| Hello,
I am using Win XP SP 1, IIS 5.1
I can see my web site over the internet. I am trying to
set up a secure folder on my web site. I have tried to
use the permissions wizard using the template Secure Web
Site. I use the (recommended) Replace All Directory and
File Permissions. Then the wizard is finished. I have
created a user 'XXX' with a password and made XXX part of
the guest group, this is the user I would like to access
the site. (I copied the settings from the default acount
IUSR_XXXXXX) When I try to access the folder on my web
site a login screen comes up, I type in the name and
password and it says I am not authorized. I then tried
using my administrator password and that didn't even work.
I think I must have set something up wrong because no
matter what I do I can't get into the web site once I set
it as secure.... I hope I gave enough info Please Help
JOSH
| |
| Jeff Cochran 2004-07-28, 6:18 pm |
| On Wed, 28 Jul 2004 07:34:32 -0700, "Josh"
<anonymous@discussions.microsoft.com> wrote:
>I am using Win XP SP 1, IIS 5.1
>I can see my web site over the internet. I am trying to
>set up a secure folder on my web site. I have tried to
>use the permissions wizard using the template Secure Web
>Site. I use the (recommended) Replace All Directory and
>File Permissions. Then the wizard is finished. I have
>created a user 'XXX' with a password and made XXX part of
>the guest group, this is the user I would like to access
>the site. (I copied the settings from the default acount
>IUSR_XXXXXX) When I try to access the folder on my web
>site a login screen comes up, I type in the name and
>password and it says I am not authorized. I then tried
>using my administrator password and that didn't even work.
>I think I must have set something up wrong because no
>matter what I do I can't get into the web site once I set
>it as secure.... I hope I gave enough info Please Help
See:
How To Use NTFS Security to Protect a Web Page Running on IIS 4.0 or
5.0
http://support.microsoft.com/?id=299970
HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000
http://support.microsoft.com/?id=310344
Jeff
| |
|
| Thanks, that helped.
I found that by unchecking the "Integrated Windows
Authentication" and only selecting Basic Authentication I
was able to use the quest account I set up to log into my
web site. One last question, I understand that when using
a password without SSL it is sent in clear text. If some
how some one did get that password to my guest account
what kind of access would they have to do damage to my
system? (The user and password is only a member of the
Guests group).
>-----Original Message-----
>On Wed, 28 Jul 2004 07:34:32 -0700, "Josh"
><anonymous@discussions.microsoft.com> wrote:
>
of[vbcol=seagreen]
acount[vbcol=seagreen]
work.[vbcol=seagreen]
set[vbcol=seagreen]
>
>See:
>
>How To Use NTFS Security to Protect a Web Page Running on
IIS 4.0 or
>5.0
>http://support.microsoft.com/?id=299970
>
>HOW TO: Configure IIS 5.0 Web Site Authentication in
Windows 2000
>http://support.microsoft.com/?id=310344
>
>Jeff
>.
>
| |
| Bernard 2004-07-29, 2:52 am |
| It depends, the risk is higher if the machine is not protected by firewall /
antivirus and etc.
If you have a firewall and only allow port 80 access, unless there's a
vulnerability in IIS, at most hacker can use the password to access your IIS
via port 80... not much of a OS access.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Josh" <anonymous@discussions.microsoft.com> wrote in message
news:5fcd01c474e6$7778ebd0$a301280a@phx.gbl...[vbcol=seagreen]
> Thanks, that helped.
>
> I found that by unchecking the "Integrated Windows
> Authentication" and only selecting Basic Authentication I
> was able to use the quest account I set up to log into my
> web site. One last question, I understand that when using
> a password without SSL it is sent in clear text. If some
> how some one did get that password to my guest account
> what kind of access would they have to do damage to my
> system? (The user and password is only a member of the
> Guests group).
>
>
> of
> acount
> work.
> set
> IIS 4.0 or
> Windows 2000
|
|
|
|
|