1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Authentication in IIS

Discussion in 'Web Development & Web Hosting' started by Sparky, Mar 8, 2006.

  1. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    I’ve posted a thread about this previously and I still need some help.

    Basically I need to have a login script on a web server to redirect users to their own personal web space, it will have word docs and pdfs to download. The problem I am having is with authentication for users.

    As posted previously I think NTFS permissions are the way to go configured on the user directories in IIS but is there a way of getting the logon credentials to be entered on a regular web page (say in .asp) as the Windows logon prompt is not too user friendly and the MD doesn’t like it!

    I do have a small .asp script that redirects to the relevant user directory depending on what username is entered BUT then there is a prompt for Windows authentication which is the problem. Can this be changed?

    Is anyone can help there is several virtual beers available!!
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    :unsure

    Goes over my head Sparky!

    Someone round here must know? :blink
     
  3. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    i've never used asp and my iis knowledge is minimal, but could this be what you're looking for?
     
  4. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Tell him to lump it Sparky. What is not user friendly about the Windows logon promt :blink

    This is such a complex area mate, I have done a bit more research but am finding that IIS authentication is a can of worms.

    I did stumble across a couple of good links which you might want to look at and see if you can glean from them what you are after.

    http://msdn.microsoft.com/library/d.../en-us/vsent7/html/vxconIISAuthentication.asp

    http://www.rtr.com/fpsupport/serk4.0/scwin_2.htm

    Good luck and keep us posted :D
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  5. mrobinson52

    mrobinson52 Security Maven Gold Member

    194
    9
    74
    Hi Sparky!

    Is this in an AD domain? You are talking about Windows login scripts being none too friendly. Would there be an AD script that you could use for this redirect? Is this essentially like mapping the users to their own webspace? I am afraid that I am not all that familiar with IIS, but if I had a clearer picture of your setup, I might be able to find something. Main thing I need to know is if AD is involved. :unsure
     
    Certifications: A+, Network+, MCSA:Security, Security+
    WIP: CISSP
  6. MarkN

    MarkN Nibble Poster

    79
    3
    15
    Is IIS set to use Integrated Windows Authentication?
     
    Certifications: MCSE NT4\W2K,CNE,CCEA,ASE
    WIP: CCNA
  7. supag33k

    supag33k Kilobyte Poster

    461
    19
    49
    Well you could try the Microsoft Sharepoint product...it would give you most of what you are attempting to do and is customisable...
     
    Certifications: MCSE (NT4/2000/2003/Messaging), MCDBA
    WIP: CCNA, MCTS SQL, Exchange & Security stuff
  8. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    That's a good point supa, I never thought of that :hhhmmm :juggle
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  9. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Thanks for all your replies, much appreciated.

    The web server is now sitting in the DMZ running Windows 2003 (without windows authentication) , this can be upgraded to run is own domain (say portal.local) if this would help matters.

    Originally when I had the site running on my laptop (on the LAN), which has IIS installed it just had a .asp script which redirected to a page on the site depending on the user credentials entered. This queried an access database and if authentication was successful then the page would be displayed. The .asp page has a session cookie (hard coded at the top of each page) to prevent the users from browsing to other urls which they don’t have permission to view. This worked fine until the MD asked me to put in downloads on the user pages as I can’t use the .asp code (at the top of a page) for authentication as it’s a word document. In theory if someone knows the url to the word doc then it can be downloaded, not good! I went back to the website site on my laptop and set-up windows authentication which I thought looked ok but the MD doesn’t like the Windows prompt, arrrrgh! :twisted:

    In regard to the Sharepoint suggestion I am considering publishing a sharepoint portal server through ISA server, is this a better solution?

    Going to read through all the posted links and try and get this sorted!

    Cheers guys! 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  10. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    A long time ago when studying sql server's usage of xml I set IIS up to use AD authentication and authenticate me to sql server. It worked really well. I just had to use one site but the authentication was transparent. I can't remember exactly how I did it but there wasn't even a login prompt. IIS and AD conversed using my userid from my computer. It was no different than getting authenticated in AD to a file server as far as I, the user, was concerned.

    I don't see why AD authentication won't work with other resources such as the web server.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  11. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Must admit this is one of the more complex projects I’ve been given at work and the only reason I’m doing it is because I used to code in Visual Basic 6.0 and C++ a couple of years ago. In all honesty we should bring in a developer but we don’t have the £££ just now.

    Just to add that the webserver is published so anyone can access it and login with the correct credentials. The idea is that customers can login and have their own page with stats on how many support calls we have resolved over the last month or so.

    I will have another attempt when I’m back in the office next week as I’m visiting a client tomorrow. On an unrelated note I need to advise the client to upgrade their virus definitions which are two years out of date but they don’t seem to think its necessary, arrrgh! :twisted:
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  12. mrobinson52

    mrobinson52 Security Maven Gold Member

    194
    9
    74
    Maybe this will help?
    Or maybe this ?

    :twisted: Good Luck!
     
    Certifications: A+, Network+, MCSA:Security, Security+
    WIP: CISSP

Share This Page

Loading...