Raible's Wiki

Raible Designs
Wiki Home
News
Recent Changes

AppFuse

Homepage
  - Korean
  - Chinese
  - Italian
  - Japanese

QuickStart Guide
  - Chinese
  - French
  - German
  - Italian
  - Korean
  - Portuguese
  - Spanish
  - Japanese

User Guide
  - Korean
  - Chinese

Tutorials
  - Chinese
  - German
  - Italian
  - Korean
  - Portuguese
  - Spanish

FAQ
  - Korean

Latest Downloads

Other Applications

Struts Resume
Security Example
Struts Menu

Set your name in
UserPreferences

Edit this page


Referenced by
Articles
Articles_cn
Articles_de
Articles_ko
Articles_pt
Articles_zh




JSPWiki v2.2.33

[RSS]


Hide Menu

SecureDirectoriesIIS


Here's a quick howto for securing certain directories on IIS. I'm doing this example and screenshots from Windows XP, but it should work the same on a Windows 2000 machine. First of all, I have c:\Inetpub\wwwroot as my Home Directory:

http://raibledesigns.com/repository/images/iis-homedir.png

Create a test directory to secure, or select an existing directory. For the purposes of this demonstration, I created an "admin" directory under c:\Inetpub\wwwroot:

http://raibledesigns.com/repository/images/iis-newadmindir.png

Create an index.html file in the admin directory with the following contents:

<html>
  <head>
    <title>Login Success</title>
  </head>
	
<body>
Congrats - you made it!
</body>

</html>

Now we need to configure IIS to protect the "admin" folder from just anyone.

  • Open the IIS Admin Console (Start -> Programs -> Administrative Tools -> Internet Information Services)
  • Navigate to COMPUTER_NAME -> Web Sites -> Default Web Site
  • Right-click -> Properties for the "admin" folder
  • Select the Directory Security tab and click the "Edit" button to change Anonymous access and authentication control
  • Uncheck Anonymous access, check Basic authentication (selecting the default domain) and leave Integrated Windows authentication checked
  • Stop and restart Default Web Site

Integrated Windows authentication will allow users to auto-login if they're using IE and logged into the domain. Basically, this setup will allow only domain users to view the "admin" folder.



Go to top   Edit this page   More info...   Attach file...
This page last changed on 06-Nov-2006 13:52:58 MST by MattRaible.