authentication with iis4

rpage at okway.okstate.edu rpage at okway.okstate.edu
Mon Mar 2 17:46:17 EST 1998


   Hi! This isn't quite true. You can restrict to the directory or file level 
   with IIS4. At each level, right-click on the item, choose properties, and 
   then the file access tab. You can then either automatically grant or deny 
   access based upon exact IP numbers, ranges, or domains. You do need to use 
   the Management Console for this level of control, but it is there.
   
   As an example, try the page:
   
      http://www.library.okstate.edu/info/oklafs/fsosu.htm
   
   You should get a page, using a custom error message, telling you that you 
   need to be a member of OSU for access. I get different page continuing the 
   process to get to OCLC. This is done with IP restrictions at the file-level 
   and a custom error message.
   
   --Richard
   
   =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
    Richard M. Page                         | Voice      (405) 744-5347
    Head, Library Systems Department        | Fax        (405) 744-7579
    224A Library, Oklahoma State University | 
    Stillwater, OK 74078-1070               | E-Mail: rpage at okway.okstate.edu
   =+=+=+=+=+=+=+=+=+=+= http://el0455.lib.okstate.edu/ +=+=+=+=+=+=+=+=+=+=+=

______________________________ Reply Separator _________________________________
Subject: Re: authentication with iis4 
Author:  <kstevens at pratt.edu > at SMTP
Date:    3/2/98 7:21 AM

You can restrict by IP address on IIS 4.0 only by logical server.  You 
cannot limit by IP address on a directory-by-directory or file-by-file 
basis.  However, IIS includes the capability to run "virtual servers," which 
allows several sites to run on the same physical server, using different IP 
addresses or port numbers.  This provides a workaround to the problem, since 
each of the virtual servers can be configured with its own set of IP address 
restrictions.  If you have a spare IP address (or want to instruct users to 
specify a nonstandard port), you can add a virtual server with the root 
pointing to the "secure" subdirectory.
   
The security configuration is fairly easy to set up.  Both settings are 
under the "Directory Security" property tab.  "IP address and domain 
restrictions" allows you to restrict the site by IP address/domain name. 
"Anonymous access and authentication control" allows you to disable 
anonymous access and enable either unencrypted (Basic) or encrypted (Windows 
NT Challenge/Response) authentication.  Challenge/Response only works from 
IE browsers 3.0 and higher.  Authentication is based on the built-in Windows 
NT security, so you will have to set up user account(s) and assign 
permissions to the files and directories you need to limit access to.
   
Hope that helps!
   
Kevin Stevens
Computing Systems Manager
Pratt Institute Libraries
Brooklyn, NY
   
-----Original Message-----
From: Glen Davies <GLEN at rimu.cce.ac.nz>
To: Multiple recipients of list <web4lib at library.berkeley.edu> 
Date: Thursday, February 26, 1998 8:08 PM
Subject: authentication with iis4
   
   
>Hi
>
>Does anybody know if the following user authentication scheme is 
>possible with iis4. I want to have  subdirectory of the server for 
>which the server first of all checks the client ip, if the ip is valid 
access is
>allowed, if not the client is asked for basic userid and password. 
>
>It is a bit hard to tell from the online documentation. It is obvious that 
>it does one or the other but it is not clear if two levels of 
>authentication are possible. I want to find out if this is possible >before 
I go to the bother of downloading and installing it.
>
>Thanks
>Regards
>Glen
>
>*********************************************************** 
>Glen Davies
>Information Technology Librarian
>Christchurch College of Education
>Christchurch
>New Zealand
>glen at rimu.cce.ac.nz
>64-3-343 7737
>************************************************************ 
>"I've been drunk for about a week now, and I thought it might 
> sober me up to sit in a library" F.Scott Fitzgerald
>                                  The Great Gatsby, ch3 
>************************************************************
   
   




More information about the Web4lib mailing list