Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > how to create the username/password authorization dialog?

Reply
Thread Tools

how to create the username/password authorization dialog?

 
 
Tom Kaminski [MVP]
Guest
Posts: n/a
 
      03-04-2004
"Matt" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> I want to add security in ASP application.
> When the user go to http://localhost/myproject/index.asp, I want it will

pop
> up an username/password authentication dialog box.
>
> Here's the steps I did, but still not working.
> 1. In computer management, add an user "admin" that should have permission
> to the page
> 2. In IIS console, right click the file index.asp, and click properties >
> File Security > Edit, and click Edit button under Anonymous access, and

add
> user "admin" in Anonymous User Account window.
> 3. Uncheck Anonymous access check box
> 4. Click OK button
>
> Then it should provide security access to index.asp only, but not other
> files. But still not working either way. Please advise!


See the relevant article(s) for you OS/IIS:
IIS 5 Documentation
http://www.microsoft.com/windows2000/en/server/iis/
Microsoft Internet Information Server
Administration
Server Administration
Security
Authentication
Access Control

IIS 6 Documentation
http://www.microsoft.com/technet/pro...entication.asp


HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000
http://support.microsoft.com/?id=310344
HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or
Windows NT 4.0
http://support.microsoft.com/?id=325358
HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
http://support.microsoft.com/default...b;en-us;324274

Make sure you disable simple file sharing in XP
http://support.microsoft.com/default...b;en-us;304040


--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserv...y/centers/iis/



 
Reply With Quote
 
 
 
 
Tom Kaminski [MVP]
Guest
Posts: n/a
 
      03-04-2004
"Ken Schaefer" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> You need to:
>
> a) uncheck the "Allow Anonymous Access" box


FWIW, I like to say "uncheck the 'Allow Anonymous Access' box AND/OR remove
IUSR_servername from the NTFS permissions on the content."

--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserv...y/centers/iis/



 
Reply With Quote
 
 
 
 
Ken Schaefer
Guest
Posts: n/a
 
      03-05-2004
If you just remove IUSR_<machinename> NTFS permissions, and you do not check
any of the other authentication mechanisms, you will just generate a HTTP
error (since the impersonated account can not get access, and you haven't
specified a method that the server will accept for accepting credentials
from the browser). By default IWA is also checked, so usually that would
work.

That's why I laid out several steps:
a) uncheck allow anonymous
b) check one of the *other* authentication mechanisms
c) adjust NTFS permissions so that the groups that are supposed to have
access have appropraite NTFS permissions (not just "anyone"

Cheers
Ken

"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:c27b2r$(E-Mail Removed)...
: "Ken Schaefer" <(E-Mail Removed)> wrote in message
: news:%(E-Mail Removed)...
: > You need to:
: >
: > a) uncheck the "Allow Anonymous Access" box
:
: FWIW, I like to say "uncheck the 'Allow Anonymous Access' box AND/OR
remove
: IUSR_servername from the NTFS permissions on the content."
:
: --
: Tom Kaminski IIS MVP
: http://www.iistoolshed.com/ - tools, scripts, and utilities for running
IIS
: http://mvp.support.microsoft.com/
: http://www.microsoft.com/windowsserv...y/centers/iis/
:
:
:


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: How include a large array? Edward A. Falk C Programming 1 04-04-2013 08:07 PM
URL Authorization does not override File Authorization? SeanRW ASP .Net Security 1 05-25-2006 06:18 AM
Wireless Provisioning Services and IAS Authorization DLL Washington Moreira Wireless Networking 2 12-06-2005 08:29 AM
Wireless Provisioning Services and IAS Authorization DLL Washington Moreira Wireless Networking 1 12-05-2005 08:41 PM
aaa authorization exec|commands|network Michael Shiah Cisco 0 10-21-2003 02:44 AM



Advertisments