09-25-04 10:54 PM
First make sure you are able to access the website properly.
change the file security from the IIS manager on the asp page and check
only integrated authentication.
make sure the file has ntfs permissions for the logon user.
if you assign a different user other than IUSR for the in the IIS, you are
allowing users to access teh page with the configured identity. you are not
securing the page however. if you want only a specific group of users to
access the page, you can enable integrate/basic on the page and remove
anonymous. then assign ntfs permissions on the page for the users from the
windows explorer.
Thanks & Regards,
Santhosh Somayajulu,
Internet Information Services Team,
Microsoft.
--------------------
>From: "Mr. T." <me@myself.net>
>Newsgroups:
microsoft.public.inetserver.iis,microsoft.public.inetserver.iis.security
>Subject: security prob when accessing restricted webpage
>Date: Sat, 25 Sep 2004 17:00:10 +0200
>Lines: 46
>Message-ID: <2rlf69F1b2oibU1@uni-berlin.de>
>X-Trace: news.uni-berlin.de
09qhclES1XYwYX4+ccBwfA5DnarTj/7wR6XSi8NTbhwt63S2b+
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
>X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
>Path:
cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onlin
e.de!news-lei1.dfn.de!news1.uni-leipzig.de!fu-berlin.de!uni-berlin.de!not-fo
r-mail
>Xref: cpmsftngxa06.phx.gbl microsoft.public.inetserver.iis.security:14738
microsoft.public.inetserver.iis:318156
>X-Tomcat-NG: microsoft.public.inetserver.iis.security
>
>Hi,
>
>i have a IIS 6 on Windows 2003.
>
>On one of the websites i host, they have one ASP they use for entering
data.
>They wanted to secure that one page. So i made a user with a password,
then
>in the Windows Explorer on the security settings of that ASP i removed the
>IIS_USER and added the newly created user with read and execute access. So
>far so good, it worked for months. Now, from one day on another they can't
>login anymore. Without getting an error. It just keeps popping up the
>username/password dialog over and over again. The only odd thing is that,
>f.e. when i type as username MyUserName and password, then when the dialog
>returns in the username field there is now www.mywebsite.com\MyUserName
>
>Strange enough, their "master" account, i.e. the account they use for
>ftp-upload of the complete site, is still allowed access.
>
>So i thought it was something with the user. I first removed his rights on
>that page and put them back, but that didn't help. I then completely
deleted
>the user and re-created it, but that didn't help either. Then i created a
>completely new user, with a completely different name, and gave him the
>rights on that page. No access.
>
>Then i made a testpage on my own website, gave those two new users
>permission on it and removed the anonymous user, but i could't get access.
>
>Then i thought: let's try that "master" account on my testpage, and when i
>added it to the security settings for the page, and tried to open the page,
>it wouldn't work either. So that makes me start to wonder wether it could
be
>something "bigger" than just a user problem. Maybe a security setting that
>got changed?
>
>So i'm kind of stuck with the fact that the pages that are already secured
>still remain, but that i can't add new users to them.
>
>The only thing that changed a.f.a.i. know are the updates that i installed
>through Windows Update. But that really can't be the problem. I also
thought
>about a virus, but i scanned with 2 different scanners and no viruses
found.
>
>Has anyone got an idea what might be wrong?
>
>Thx in advance!
>
>Mr. T
>
>
>
[ Post a follow-up to this message ]
| 
