authentication with iis4

Kevin Stevens kstevens at pratt.edu
Mon Mar 2 09:42:26 EST 1998 

You can restrict by IP address on IIS 4.0 only by logical server.  You
cannot limit by IP address on a directory-by-directory or file-by-file
basis.  However, IIS includes the capability to run "virtual servers," which
allows several sites to run on the same physical server, using different IP
addresses or port numbers.  This provides a workaround to the problem, since
each of the virtual servers can be configured with its own set of IP address
restrictions.  If you have a spare IP address (or want to instruct users to
specify a nonstandard port), you can add a virtual server with the root
pointing to the "secure" subdirectory.

The security configuration is fairly easy to set up.  Both settings are
under the "Directory Security" property tab.  "IP address and domain
restrictions" allows you to restrict the site by IP address/domain name.
"Anonymous access and authentication control" allows you to disable
anonymous access and enable either unencrypted (Basic) or encrypted (Windows
NT Challenge/Response) authentication.  Challenge/Response only works from
IE browsers 3.0 and higher.  Authentication is based on the built-in Windows
NT security, so you will have to set up user account(s) and assign
permissions to the files and directories you need to limit access to.

Hope that helps!

Kevin Stevens
Computing Systems Manager
Pratt Institute Libraries
Brooklyn, NY

-----Original Message-----
From: Glen Davies <GLEN at rimu.cce.ac.nz>
To: Multiple recipients of list <web4lib at library.berkeley.edu>
Date: Thursday, February 26, 1998 8:08 PM
Subject: authentication with iis4


>Hi
>
>Does anybody know if the following user authentication scheme is
>possible with iis4. I want to have  subdirectory of the server for
>which the server first of all checks the client ip, if the ip is valid
access is
>allowed, if not the client is asked for basic userid and password.
>
>It is a bit hard to tell from the online documentation. It is obvious that
>it does one or the other but it is not clear if two levels of
>authentication are possible. I want to find out if this is possible
>before I go to the bother of downloading and installing it.
>
>Thanks
>Regards
>Glen
>
>***********************************************************
>Glen Davies
>Information Technology Librarian
>Christchurch College of Education
>Christchurch
>New Zealand
>glen at rimu.cce.ac.nz
>64-3-343 7737
>************************************************************
>"I've been drunk for about a week now, and I thought it might
> sober me up to sit in a library" F.Scott Fitzgerald
>                                  The Great Gatsby, ch3
>************************************************************

More information about the Web4lib mailing list