SecureDirectoriesIIS |
|
Your trail: |
Difference between
version 10
and
version 9:
At line 1 added 1 line. |
Here's a quick howto for securing certain directories on IIS. I'm doing this example and screenshots from Windows XP, but it should work the same on a Windows 2000 machine. First of all, I have c:\Inetpub\wwwroot as my Home Directory: |
At line 3 added 30 lines. |
[http://raibledesigns.com/repository/images/iis-homedir.png] |
|
Create a test directory to secure, or select an existing directory. For the purposes of this demonstration, I created an "admin" directory under c:\Inetpub\wwwroot: |
|
[http://raibledesigns.com/repository/images/iis-newadmindir.png] |
|
Create an __index.html__ file in the admin directory with the following contents: |
|
{{{ |
<html> |
<head> |
<title>Login Success</title> |
</head> |
|
<body> |
Congrats - you made it! |
</body> |
|
</html>}}} |
|
Now we need to configure IIS to protect the "admin" folder from just anyone. |
|
* Open the IIS Admin Console (Start -> Programs -> Administrative Tools -> Internet Information Services) |
* Navigate to COMPUTER_NAME -> Web Sites -> Default Web Site |
* Right-click -> Properties for the "admin" folder |
* Select the Directory Security tab and click the "Edit" button to change __Anonymous access and authentication control__ |
* Uncheck ''Anonymous access'', check ''Basic authentication'' (selecting the default domain) and leave ''Integrated Windows authentication'' checked |
* Stop and restart Default Web Site |
|
''Integrated Windows authentication'' will allow users to auto-login if they're using IE and logged into the domain. Basically, this setup will allow only domain users to view the "admin" folder. |
Back to SecureDirectoriesIIS,
or to the Page History.
|