authentication with iis4
Glen Davies
GLEN at rimu.cce.ac.nz
Mon Mar 2 20:00:27 EST 1998
Hi
Thanks. This is sort of what I am wanting, but instead of returning an error
saying that you are not allowed access I want it to prompt for basic
user id and password if the ip doesn't match. ie. if a user requests
a page and their ip matches they automatically get it no questions
asked. If their ip doesn't match then they get prompted for userid
and password. If their user id and password fail then they get the
access denied message. Do you know if this is possible?
Thanks
Regards
Glen
>
> Hi! This isn't quite true. You can restrict to the directory or file level
> with IIS4. At each level, right-click on the item, choose properties, and
> then the file access tab. You can then either automatically grant or deny
> access based upon exact IP numbers, ranges, or domains. You do need to use
> the Management Console for this level of control, but it is there.
>
> As an example, try the page:
>
> http://www.library.okstate.edu/info/oklafs/fsosu.htm
>
> You should get a page, using a custom error message, telling you that you
> need to be a member of OSU for access. I get different page continuing the
> process to get to OCLC. This is done with IP restrictions at the file-level
> and a custom error message.
>
> --Richard
>
______________________________ Reply Separator _________________________________
Subject: Re: authentication with iis4
Author: <kstevens at pratt.edu > at SMTP
Date: 3/2/98 7:21 AM
You can restrict by IP address on IIS 4.0 only by logical server. You
cannot limit by IP address on a directory-by-directory or file-by-file
basis. However, IIS includes the capability to run "virtual servers," which
allows several sites to run on the same physical server, using different IP
addresses or port numbers. This provides a workaround to the problem, since
each of the virtual servers can be configured with its own set of IP address
restrictions. If you have a spare IP address (or want to instruct users to
specify a nonstandard port), you can add a virtual server with the root
pointing to the "secure" subdirectory.
The security configuration is fairly easy to set up. Both settings are
under the "Directory Security" property tab. "IP address and domain
restrictions" allows you to restrict the site by IP address/domain name.
"Anonymous access and authentication control" allows you to disable
anonymous access and enable either unencrypted (Basic) or encrypted (Windows
NT Challenge/Response) authentication. Challenge/Response only works from
IE browsers 3.0 and higher. Authentication is based on the built-in Windows
NT security, so you will have to set up user account(s) and assign
permissions to the files and directories you need to limit access to.
Hope that helps!
Kevin Stevens
Computing Systems Manager
Pratt Institute Libraries
Brooklyn, NY
-----Original Message-----
From: Glen Davies <GLEN at rimu.cce.ac.nz>
To: Multiple recipients of list <web4lib at library.berkeley.edu>
Date: Thursday, February 26, 1998 8:08 PM
Subject: authentication with iis4
>Hi
>
>Does anybody know if the following user authentication scheme is
>possible with iis4. I want to have subdirectory of the server for
>which the server first of all checks the client ip, if the ip is valid
access is
>allowed, if not the client is asked for basic userid and password.
>
>It is a bit hard to tell from the online documentation. It is obvious that
>it does one or the other but it is not clear if two levels of
>authentication are possible. I want to find out if this is possible >before
I go to the bother of downloading and installing it.
***********************************************************
Glen Davies
Information Technology Librarian
Christchurch College of Education
Christchurch
New Zealand
glen at rimu.cce.ac.nz
64-3-343 7737
************************************************************
"I've been drunk for about a week now, and I thought it might
sober me up to sit in a library" F.Scott Fitzgerald
The Great Gatsby, ch3
************************************************************
More information about the Web4lib
mailing list