Authentication in IIS

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I’ve posted a thread about this previously and I still need some help.

Basically I need to have a login script on a web server to redirect users to their own personal web space, it will have word docs and pdfs to download. The problem I am having is with authentication for users.

As posted previously I think NTFS permissions are the way to go configured on the user directories in IIS but is there a way of getting the logon credentials to be entered on a regular web page (say in .asp) as the Windows logon prompt is not too user friendly and the MD doesn’t like it!

I do have a small .asp script that redirects to the relevant user directory depending on what username is entered BUT then there is a prompt for Windows authentication which is the problem. Can this be changed?

Is anyone can help there is several virtual beers available!!

 

Thanks for all your replies, much appreciated.

The web server is now sitting in the DMZ running Windows 2003 (without windows authentication) , this can be upgraded to run is own domain (say portal.local) if this would help matters.

Originally when I had the site running on my laptop (on the LAN), which has IIS installed it just had a .asp script which redirected to a page on the site depending on the user credentials entered. This queried an access database and if authentication was successful then the page would be displayed. The .asp page has a session cookie (hard coded at the top of each page) to prevent the users from browsing to other urls which they don’t have permission to view. This worked fine until the MD asked me to put in downloads on the user pages as I can’t use the .asp code (at the top of a page) for authentication as it’s a word document. In theory if someone knows the url to the word doc then it can be downloaded, not good! I went back to the website site on my laptop and set-up windows authentication which I thought looked ok but the MD doesn’t like the Windows prompt, arrrrgh!

In regard to the Sharepoint suggestion I am considering publishing a sharepoint portal server through ISA server, is this a better solution?

Going to read through all the posted links and try and get this sorted!

Cheers guys!

 

Must admit this is one of the more complex projects I’ve been given at work and the only reason I’m doing it is because I used to code in Visual Basic 6.0 and C++ a couple of years ago. In all honesty we should bring in a developer but we don’t have the £££ just now.

Just to add that the webserver is published so anyone can access it and login with the correct credentials. The idea is that customers can login and have their own page with stats on how many support calls we have resolved over the last month or so.

I will have another attempt when I’m back in the office next week as I’m visiting a client tomorrow. On an unrelated note I need to advise the client to upgrade their virus definitions which are two years out of date but they don’t seem to think its necessary, arrrgh!