I am using IIS 6 and would like to know the best practices for securing an
area of a public website. It is only one directory structure that should
require a username and password. This server is not connected to any Active
directory. Can someone please point me in the right direction for allowing
anonymous for the entire site except one directory structure? Thank you.
Here's what you need to do. It's not the only way, there are variations of
the same, but it's the easiest to understand.
- In IIS, create a virtual directory for the folder that is to be protected.
- In IIS, set the authentication type you plan to use for this directory. If
it's public website accessible over the internet you can't use Windows
Integrated, so you probably need to use Basic. As the credentials will be
passed in clear text, this means you must use SSL to encrypt the
credentials. You can bypass this altogether by using an authentication
mechanism within the web site (i.e a login page) but it is more complicated
to set up.
- In NTFS on the folder you want to protect, set the permissions for the
people who should be able to access it. Obviously you will now need to
maintain local user accounts and groups for the people who will have access
to the protected directory.
- The rest of the site will continue to use Anonymous access.
Anthony
www.airdesk.co.uk
"Bad Beagle"
news:eN6R2kdVHHA.4384@TK2MSFTNGP02.phx.gbl...
>I am using IIS 6 and would like to know the best practices for securing an
>area of a public website. It is only one directory structure that should
>require a username and password. This server is not connected to any
>Active directory. Can someone please point me in the right direction for
>allowing anonymous for the entire site except one directory structure?
>Thank you.
>