|
Home > Archive > IIS Server Security > July 2005 > IIS and EFS
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| Hi,
We are planning to use either IIS 5.0 or 6.0 for some
internal use. All of our users must go through a
single sign on authentication first before they can
use any one of the available services. I was wondering
if we use EFS to encrypt the IIS root folder, when the
end users coming to our site are they required by EFS
to be authenticated? Based on a KB article, Q243756,
that I read today it sounds like the user will be
required to be authenticated first. If that’s the case
is there any way that we can let the users coming to
our site without being authenticated first, in the
meantime being able to use EFS? Thanks
FH
| |
| Bernard Cheah [MVP] 2005-07-21, 2:48 am |
| Don't think is possible as my understand is that - becaues those files are
encrypted with user private keys. Hence, you need to authenticate first, or
else IIS won't know which user's private key to use to retrieve the file.
--
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
"Ageen" <Ageen@discussions.microsoft.com> wrote in message
news:CF3589D4-62BB-495F-AEBB-D857988D3857@microsoft.com...
> Hi,
>
> We are planning to use either IIS 5.0 or 6.0 for some
> internal use. All of our users must go through a
> single sign on authentication first before they can
> use any one of the available services. I was wondering
> if we use EFS to encrypt the IIS root folder, when the
> end users coming to our site are they required by EFS
> to be authenticated? Based on a KB article, Q243756,
> that I read today it sounds like the user will be
> required to be authenticated first. If that’s the case
> is there any way that we can let the users coming to
> our site without being authenticated first, in the
> meantime being able to use EFS? Thanks
>
> FH
>
>
>
| |
| Miha Pihler [MVP] 2005-07-21, 6:02 pm |
| Hi,
That is true. It won't work (at least not easily). Private keys of the
user's would have to be on IIS server in user's profiles (yes, users would
have to have profiles on IIS server for storing private keys) and the server
would have to be Trusted for Kerberos Delegation etc...
--
Mike
Microsoft MVP - Windows Security
"Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message
news:%23eAIhOcjFHA.2852@TK2MSFTNGP15.phx.gbl...
> Don't think is possible as my understand is that - becaues those files are
> encrypted with user private keys. Hence, you need to authenticate first,
> or else IIS won't know which user's private key to use to retrieve the
> file.
>
> --
> Regards,
> Bernard Cheah
> http://www.microsoft.com/iis/
> http://www.iiswebcastseries.com/
> http://www.msmvps.com/bernard/
>
>
> "Ageen" <Ageen@discussions.microsoft.com> wrote in message
> news:CF3589D4-62BB-495F-AEBB-D857988D3857@microsoft.com...
>
>
|
|
|
|
|