Solved

usernames+passwords with IIS

Posted on 2002-03-15
10
281 Views
Last Modified: 2010-04-14
I just replaced my Linux server with Win2k adv. server.  I'm use to using Apache, so IIS is a little confusing.  I have a list of a hundred usernames and passwords.  It appers that, with IIS, I won't be able to simply put in a .htacess file in my directory that I want protected on the web.  I also definitely don't want to manually create hundreds of real users for authentication.  I'm aware that I can encrypt the passwords and keep a list of users and pass's in an Access Database, and using ASP I can authenticate a user that way.  However, my understanding is that it won't BLOCK the directory and all subdirectories using ASP.  How can I 'emulate' the Apache way of user authentication in IIS.  In other words, I want to block the directory unless the user is in my file list containing users and pass's.  I want the pop-up username and password prompt also.  With ASP, it appears that I'd have to use a form and won't get the prompt.

I also realize that I can install Apache for Windows.  I don't really want to do that because I got away from Linux for a reason.  I like the integrated environment of Windows.

Any suggestions would be greatly appreciated.  Thanks!
0
Comment
Question by:GorGor1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
10 Comments
 
LVL 3

Expert Comment

by:slang9
ID: 6868598
One way to do it is to create a Web Access group in AD and add user accounts to that group. Then restrict access to the inetpub directory on the IIS server to that group. Use integrated windows authentication, and the pop-up username and password will be used.
HTH
0
 
LVL 17

Expert Comment

by:mikecr
ID: 6868634
Either way, your going to have to create some accounts if you want to use integrated authentication with IIS. The accounts can either reside in AD or you can create them directly on the IIS box. You will change the site to Windows Authentication only in the security properties of the IIS site, and they will be prompted for a login. You will either need to create a group to house them and give the group access to the web folder to get into the site, in AD or on the IIS server itself. I'm not sure if there are any tools that you can use to export account information from Apache and import it into IIS but you would think there might be.
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6869289
How in the world am I suppose to use Windows Authentication when I have a list of hundreds of usernames and passwords that have to allow access to the restricted area?  I surely can't create hundreds of user accounts (belonging to a web access group) by hand.  Is there any way to use Windows Authentication and check the user's authentication against a MS Access database instead of adding individual users?  Any ideas?
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 3

Expert Comment

by:slang9
ID: 6869353
By restricting access through group membership, you then follow mikecr's direction to enable access inside of IIS.
Adding the individual accounts from your domain into the new group, while a large task will only take a second or two par account. The group is all that needs to be created.
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6869441
I require a little more info in the form of an example:

If I have users and pass's  user:pass...

user1:pass1
user2:pass2
user3:pass3
.
.
.
userN:passN

How would I go about giving each user access to the restricted web directory without manually creating each individual user as a real network user (whether or not they belong to the same group) and entering the password for each user.

I guess I'm just not getting it.  I'm new to the win2k (server) environment.  Could someone explain it step-by-step for me?  I can't find this kind of how-to on microsoft or anything.  I'll increase the points for a step-by-step.  Thanks again!
0
 
LVL 3

Expert Comment

by:slang9
ID: 6869526
Are you using Active Directory?
Create a new user group in your domain. Name it whatever works for you.
Add the members you want to have access to this resource into the group.
On the Web Server, right-click on the Inetpub directory and choose properties. On the security tab, add access rights for the group you created. Read and execute ought to be plenty.
In Inetnet Services Manager, choose the website in the left pane and right-click, choose properties. On the directory security tab, click on the edit button under the anonymous access and authentication control section, near the top. Clear the anonymous check box at the top, and click on the Integrated Windows Authentication checkbox on the bottom.
Now the only folks who can get to the site will be the users who have membership in the group you created, and they'll get the login box asking for username, password, and domain when they go to the site.
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6869595
ok, BUT...I don't want to manually enter hundreds of usernames and passwords.  Is there a way to automate it??
0
 
LVL 17

Accepted Solution

by:
mikecr earned 150 total points
ID: 6876551
There is a command called Addusers in the Windows 2000 resource kit that will allow you to automate creating users by using a file. You could export your information form the access database to a file and then use the Addusers to import this file and create the accounts. I believe it will allow you to import current passwords also.
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6878957
That's exactly what I was looking for.  Thanks!
0
 
LVL 17

Expert Comment

by:mikecr
ID: 6879687
No problem. Good luck!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Facebook has became the #1 social media platform. People share many funny videos there, yet you don't know how to download them? Now you can download Videos from Facebook in just 3 simple steps.
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question