Password protecting webpages - Tilted Forum Project Discussion Community

connyosis · 06-23-2005, 02:29 PM

Ok, so today my father in law (A professor at a university around here) asked me whether I could help him with password protecting some pages containing course material. Only students would be allowed to access these pages, other people would just get some basic info about what these courses contains.
This uni runs windows with IIS, and since I've never worked with that system, where is a good place to start? What I'm asking for is basically a howto on how to protect webpages with IIS. No need for anything fancy (It's not anything top secret), just a simple way to prevent everyone from accessing certain areas of a website. Been looking on google and found some info, but I thought I might check here as well and see if anyone has any nice recommendations.

sashime76 · 06-24-2005, 04:36 AM

Maybe this will help you, I don't have any experience in this.

http://www.troxo.com/products/iispassword/

bendsley · 06-24-2005, 04:54 AM

Also, if you go into the IIS Administration on the machine, disable Directory Browsing as well. It's just a checkbox you have to put a check into.

That way, someone can't just go to www.insertrandomhitfpaddress.com/files/ and be able to get a listing of the files if you have no index file in there.

WillyPete · 06-24-2005, 05:38 AM

In the IIS administration panel, you need to find the website or virtual host that your father's site runs under.

Within the directory security tab you can set it to not use the default anonymous login which uses the built-in IUSR_machinename login.
For basic passwording, set it to use plain text. MS authentication will mean that they need to be on the same domain as the server and given rights to it.

If the page is part of a larger site, it would be best to create a virual host under the main site's structure and have it point to a separate directory that holds the pages he wants protecting.
Then do the above changes to that v-hosts directory security tab.

connyosis · 06-25-2005, 02:07 AM

Thanks for the tips guys. I also just ordered a book about configuring IIS, so hopefully this wont be much of a problem.

mikec · 06-27-2005, 10:05 AM

Quote:

Originally Posted by connyosis

...I also just ordered a book about configuring IIS, so hopefully this wont be much of a problem.

famous last words!!! heheheh - good luck!

connyosis · 06-27-2005, 10:07 AM

Haha, thanks.

06-23-2005, 02:29 PM	#1 (permalink)
connyosis Psycho Location: Sweden - Land of the sodomite damned	Password protecting webpages Ok, so today my father in law (A professor at a university around here) asked me whether I could help him with password protecting some pages containing course material. Only students would be allowed to access these pages, other people would just get some basic info about what these courses contains. This uni runs windows with IIS, and since I've never worked with that system, where is a good place to start? What I'm asking for is basically a howto on how to protect webpages with IIS. No need for anything fancy (It's not anything top secret), just a simple way to prevent everyone from accessing certain areas of a website. Been looking on google and found some info, but I thought I might check here as well and see if anyone has any nice recommendations. __________________ If atheism is a religion, then not collecting stamps is a hobby.

06-24-2005, 04:54 AM	#3 (permalink)
bendsley Professional Loafer Location: texas	Also, if you go into the IIS Administration on the machine, disable Directory Browsing as well. It's just a checkbox you have to put a check into. That way, someone can't just go to www.insertrandomhitfpaddress.com/files/ and be able to get a listing of the files if you have no index file in there. __________________ "You hear the one about the fella who died, went to the pearly gates? St. Peter let him in. Sees a guy in a suit making a closing argument. Says, "Who's that?" St. Peter says, "Oh, that's God. Thinks he's Denny Crane."

06-25-2005, 02:07 AM	#5 (permalink)
connyosis Psycho Location: Sweden - Land of the sodomite damned	Thanks for the tips guys. I also just ordered a book about configuring IIS, so hopefully this wont be much of a problem. __________________ If atheism is a religion, then not collecting stamps is a hobby.

06-27-2005, 10:07 AM	#7 (permalink)
connyosis Psycho Location: Sweden - Land of the sodomite damned	Haha, thanks. __________________ If atheism is a religion, then not collecting stamps is a hobby.

06-24-2005, 04:36 AM	#2 (permalink)
sashime76 Addict Location: Hoosier State	Maybe this will help you, I don't have any experience in this. http://www.troxo.com/products/iispassword/

06-24-2005, 05:38 AM	#4 (permalink)
WillyPete Addict	In the IIS administration panel, you need to find the website or virtual host that your father's site runs under. Within the directory security tab you can set it to not use the default anonymous login which uses the built-in IUSR_machinename login. For basic passwording, set it to use plain text. MS authentication will mean that they need to be on the same domain as the server and given rights to it. If the page is part of a larger site, it would be best to create a virual host under the main site's structure and have it point to a separate directory that holds the pages he wants protecting. Then do the above changes to that v-hosts directory security tab.