|
Home > Archive > IIS Server Security > March 2007 > Website access through a DOMAIN ONLY
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Website access through a DOMAIN ONLY
|
|
| RajivI 2007-03-02, 7:20 am |
| I have a domain xyz.com and a member server running Windows 2000 Server. I
have created an application which I would like to host it on IIS. The first
level of security that I would like to implement is that, this website should
allow access to users only from xyz.com. Hence in the Directory Security Tab
of the website in IIS, I check the Integrated Windows Authentication and
enable the denied Access except to xyz.com domain. In the web.config file of
the application the authentication mode is set to windows. Deny Permission to
anonymous users is also enabled.
I thought by doing this should work. But it didn’t. I found out
that I also need to enable Reverse DNS Lookup for IIS inorder to enable IIS
to resolve IP into Domain Name and check the criteria of xyz.com. Hence I ran
a script as “ adsutil set EnableReverseDNS TRUE ”. But still no result, It
just gives me the page as “You are not authorized to view this page”.
--
regards,
Rajiv.I
MCP,MCSA
| |
| dba-tamuk 2007-03-02, 1:16 pm |
| In the AD environment,you havet to set the folder permissions for a Domain
User, only. In this case, you have to add xyz\domain user. This might be
tedious, but you can also add groups. So, if you have two groups and 1000
users, it would be easier to just add the groups to the folder's permissions,
rather than all 1000 users, singularly at a time.
Hope this helps!
"RajivI" wrote:
> I have a domain xyz.com and a member server running Windows 2000 Server. I
> have created an application which I would like to host it on IIS. The first
> level of security that I would like to implement is that, this website should
> allow access to users only from xyz.com. Hence in the Directory Security Tab
> of the website in IIS, I check the Integrated Windows Authentication and
> enable the denied Access except to xyz.com domain. In the web.config file of
> the application the authentication mode is set to windows. Deny Permission to
> anonymous users is also enabled.
>
> I thought by doing this should work. But it didn’t. I found out
> that I also need to enable Reverse DNS Lookup for IIS inorder to enable IIS
> to resolve IP into Domain Name and check the criteria of xyz.com. Hence I ran
> a script as “ adsutil set EnableReverseDNS TRUE ”. But still no result, It
> just gives me the page as “You are not authorized to view this page”.
>
>
>
> --
> regards,
> Rajiv.I
> MCP,MCSA
| |
| dba-tamuk 2007-03-02, 1:16 pm |
| Sorry, I have to clarify it a bit:
You have to set the folder permissions in Windows. Not in IIS, as IIS will
tell you that xyz\domain user does not have persmissions to that folder. When
you add Windows Authentication, it does change the access rights to the
folder.
"dba-tamuk" wrote:
[vbcol=seagreen]
> In the AD environment,you havet to set the folder permissions for a Domain
> User, only. In this case, you have to add xyz\domain user. This might be
> tedious, but you can also add groups. So, if you have two groups and 1000
> users, it would be easier to just add the groups to the folder's permissions,
> rather than all 1000 users, singularly at a time.
> Hope this helps!
>
>
> "RajivI" wrote:
>
| |
| Roger Abell [MVP] 2007-03-03, 1:21 am |
| After you get the content correctly permissioned at the filesystem
level to allow your Domain Users, then you will only perhaps have
attained what you indicate you want.
i.e.
> I would like to implement is that, this website should
> allow access to users only from xyz.com.
You will instead have effected that only Windows accounts
from the xyz.com Windows domain are allowed access when
they do so from a machine joined to and completely DNS
registered as joined to the xyz.com domain.
Thosse same Windows users cannot access from non-joined
machines. That is something you did not specify as desired.
"RajivI" <rajiv_p_iyer@hotmail.com> wrote in message
news:423DDD91-8EC1-4730-8CD0-8FE4E40C3B40@microsoft.com...
>I have a domain xyz.com and a member server running Windows 2000 Server. I
> have created an application which I would like to host it on IIS. The
> first
> level of security that I would like to implement is that, this website
> should
> allow access to users only from xyz.com. Hence in the Directory Security
> Tab
> of the website in IIS, I check the Integrated Windows Authentication and
> enable the denied Access except to xyz.com domain. In the web.config file
> of
> the application the authentication mode is set to windows. Deny Permission
> to
> anonymous users is also enabled.
>
> I thought by doing this should work. But it didn't. I found out
> that I also need to enable Reverse DNS Lookup for IIS inorder to enable
> IIS
> to resolve IP into Domain Name and check the criteria of xyz.com. Hence I
> ran
> a script as " adsutil set EnableReverseDNS TRUE ". But still no result, It
> just gives me the page as "You are not authorized to view this page".
>
>
>
> --
> regards,
> Rajiv.I
> MCP,MCSA
| |
| RajivI 2007-03-05, 7:26 am |
| thanks a LOT.... It Works..... WOW We are learning new thing everyday.
Interesting.
--
regards,
Rajiv.I
MCP,MCSA
"Roger Abell [MVP]" wrote:
> After you get the content correctly permissioned at the filesystem
> level to allow your Domain Users, then you will only perhaps have
> attained what you indicate you want.
> i.e.
> You will instead have effected that only Windows accounts
> from the xyz.com Windows domain are allowed access when
> they do so from a machine joined to and completely DNS
> registered as joined to the xyz.com domain.
> Thosse same Windows users cannot access from non-joined
> machines. That is something you did not specify as desired.
>
>
> "RajivI" <rajiv_p_iyer@hotmail.com> wrote in message
> news:423DDD91-8EC1-4730-8CD0-8FE4E40C3B40@microsoft.com...
>
>
>
|
|
|
|
|