dslreports logo
site
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
3779
share rss forum feed


devicemanage
Premium
join:2002-03-16
Chalfont, PA

iis7 and password protecting a web directory

I currently have have a security camera sending snap shots via ftp to a folder that I would like to make password protected to a single user on the web. I currently have it set up using basic authentication but can not lock down the directory so that only one users credentials will allow him access. No matter what I do, even deny domain users from the directory anyone with an account can gain access. Am I missing something here. Currently the directory just has the administrators group, creator and owner permissions. The ftp is using and account in the administrators group and is working perfectly I just don't want anyone logging in. Need to use the basic authentication because I need a cell phone that only supports that version of authentication. Thanks...
--
»www.devicemanager.net


Rob
In Deo speramus.
Premium
join:2001-08-25
Kendall, FL
kudos:2
Have you tried with web.config?

»www.iis.net/ConfigReference/syst···rization


devicemanage
Premium
join:2002-03-16
Chalfont, PA
No I haven't, I just thought there would be an easier way to manage it with some directory security like you would an ftp site?
--
»www.devicemanager.net


Rob
In Deo speramus.
Premium
join:2001-08-25
Kendall, FL
kudos:2
Ahh. I wouldn't know as I don't use FTP on my IIS7 server. We use develop the website directly on the IIS7 server.


netboy34
Premium
join:2001-08-29
Kennesaw, GA
kudos:1
reply to devicemanage
»www.iistools.com/en/iispassword.html

iis password... used it on my iis6 server... it hasn't been updated in a while, but it might still work on IIS7 since it is 64bit compatible... its free for up to three users, so it might be worth a shot


tomk62

join:2001-11-01
Trenton, NJ
reply to devicemanage
Sorry late reply here ... but what you are trying to do should work. What is getting logged for the requests by "non authorized" users?


devicemanage
Premium
join:2002-03-16
Chalfont, PA
It states error 401 - Unauthorized: Access is denied to invalid credentials. Any help would be greatly appreciated.
--
»www.devicemanager.net


cowboyro
Premium
join:2000-10-11
Shelton, CT
reply to devicemanage
I am a bit confused about what you're trying to achieve.
Are you saying that you're setting permissions for FTP for one single user, but everyone in the domain is able to FTP? Or everyone in the domain is able to access the local folder where the files are dumped through the network? Or everyone in the domain is able to access the folder via HTTP?


devicemanage
Premium
join:2002-03-16
Chalfont, PA
the directory is not shared but via ftp the camera can reach it to deposit pictures. That part is working. What I want is to be able to access the ftp directory via the web so that only one user can gain access. Currently all domain users can access the directory even though the security permissin do not specify doman users as being granted permission.

The ftp is locked down to the specified users. However via the web, anyone with a domain account can log in.
--
»www.devicemanager.net


cowboyro
Premium
join:2000-10-11
Shelton, CT
reply to devicemanage
I assume the basic auth module is already installed.
Edit directory properties in IIS. Remove anonymous access and enable basic auth.
In directory security remove all users except an admin (for future management), the account used for FTP and the account for web access.
That should do it. I tested and it worked... Play with a subdirectory just to be on the safe side until you make sure it works for you as intended.

Now the real question is why not make a very simple app that serves the image? You could control access via a web login form and use cookies for future access.


devicemanage
Premium
join:2002-03-16
Chalfont, PA
On the directory in iis all I have enabled is basic authentication. In directory security all there is, is administrator, owner and system. Any domain user can log in, really weird...
--
»www.devicemanager.net


cowboyro
Premium
join:2000-10-11
Shelton, CT
reply to cowboyro
Remove all but admin and the web user.


tomk62

join:2001-11-01
Trenton, NJ
reply to devicemanage
That doesn't quite make sense, this is an error indicating the user doesn't have access but yet in your OP you say anyone can access. Also, this isn't from the IIS log file, and a 401 error will have a sub status code usually of a "1" (typically means a bad username or password was supplied) or a "3" (the user does not have NTFS permissions to the content requested).

Can you paste a snippet of your IIS log file that shows an access attempt? This will tell us the username that was granted access.


devicemanage
Premium
join:2002-03-16
Chalfont, PA
reply to devicemanage
Here is a snippet

2012-06-15 14:54:35 W3SVC3 VM-XXXX 192.168.100.10 GET /snap - 80 jacki ipaddress HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+PC+NAME+PC+6.0;+InfoPath.3;+.NET4.0C) - - www.domainname.com 301 0 0 379 566 133

The security tab just has the users administrators, system and creator. Another weird thing is the ftp side of this directory, users the iusr account to push images over but that account isnt in the list. I tried changing the ftp to use a specific account and when I hit apply it reverts back to the iusr account. Just thought I would throw that out there hehe Thanks for hanging in there with me guys!
--
»www.devicemanager.net


tomk62

join:2001-11-01
Trenton, NJ
looks like this is showing us the user "jacki" was granted access, and the status code here is a 301 which means the server is telling the browser that it needs to redirect.


devicemanage
Premium
join:2002-03-16
Chalfont, PA
yes because that was who I logged in as - jacki currently does not have any permissions on that directory. if I was to log in with the spcified account that has access, it says that I logged in with that account.

The only thing I can think of is I have ftp and web settings on the same directory, but I have done that before on a 2003 server without a hitch.
--
»www.devicemanager.net