• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 295
  • Last Modified:

usernames+passwords with IIS

I just replaced my Linux server with Win2k adv. server.  I'm use to using Apache, so IIS is a little confusing.  I have a list of a hundred usernames and passwords.  It appers that, with IIS, I won't be able to simply put in a .htacess file in my directory that I want protected on the web.  I also definitely don't want to manually create hundreds of real users for authentication.  I'm aware that I can encrypt the passwords and keep a list of users and pass's in an Access Database, and using ASP I can authenticate a user that way.  However, my understanding is that it won't BLOCK the directory and all subdirectories using ASP.  How can I 'emulate' the Apache way of user authentication in IIS.  In other words, I want to block the directory unless the user is in my file list containing users and pass's.  I want the pop-up username and password prompt also.  With ASP, it appears that I'd have to use a form and won't get the prompt.

I also realize that I can install Apache for Windows.  I don't really want to do that because I got away from Linux for a reason.  I like the integrated environment of Windows.

Any suggestions would be greatly appreciated.  Thanks!
0
GorGor1
Asked:
GorGor1
  • 4
  • 3
  • 3
1 Solution
 
slang9Commented:
One way to do it is to create a Web Access group in AD and add user accounts to that group. Then restrict access to the inetpub directory on the IIS server to that group. Use integrated windows authentication, and the pop-up username and password will be used.
HTH
0
 
mikecrCommented:
Either way, your going to have to create some accounts if you want to use integrated authentication with IIS. The accounts can either reside in AD or you can create them directly on the IIS box. You will change the site to Windows Authentication only in the security properties of the IIS site, and they will be prompted for a login. You will either need to create a group to house them and give the group access to the web folder to get into the site, in AD or on the IIS server itself. I'm not sure if there are any tools that you can use to export account information from Apache and import it into IIS but you would think there might be.
0
 
GorGor1Author Commented:
How in the world am I suppose to use Windows Authentication when I have a list of hundreds of usernames and passwords that have to allow access to the restricted area?  I surely can't create hundreds of user accounts (belonging to a web access group) by hand.  Is there any way to use Windows Authentication and check the user's authentication against a MS Access database instead of adding individual users?  Any ideas?
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
slang9Commented:
By restricting access through group membership, you then follow mikecr's direction to enable access inside of IIS.
Adding the individual accounts from your domain into the new group, while a large task will only take a second or two par account. The group is all that needs to be created.
0
 
GorGor1Author Commented:
I require a little more info in the form of an example:

If I have users and pass's  user:pass...

user1:pass1
user2:pass2
user3:pass3
.
.
.
userN:passN

How would I go about giving each user access to the restricted web directory without manually creating each individual user as a real network user (whether or not they belong to the same group) and entering the password for each user.

I guess I'm just not getting it.  I'm new to the win2k (server) environment.  Could someone explain it step-by-step for me?  I can't find this kind of how-to on microsoft or anything.  I'll increase the points for a step-by-step.  Thanks again!
0
 
slang9Commented:
Are you using Active Directory?
Create a new user group in your domain. Name it whatever works for you.
Add the members you want to have access to this resource into the group.
On the Web Server, right-click on the Inetpub directory and choose properties. On the security tab, add access rights for the group you created. Read and execute ought to be plenty.
In Inetnet Services Manager, choose the website in the left pane and right-click, choose properties. On the directory security tab, click on the edit button under the anonymous access and authentication control section, near the top. Clear the anonymous check box at the top, and click on the Integrated Windows Authentication checkbox on the bottom.
Now the only folks who can get to the site will be the users who have membership in the group you created, and they'll get the login box asking for username, password, and domain when they go to the site.
0
 
GorGor1Author Commented:
ok, BUT...I don't want to manually enter hundreds of usernames and passwords.  Is there a way to automate it??
0
 
mikecrCommented:
There is a command called Addusers in the Windows 2000 resource kit that will allow you to automate creating users by using a file. You could export your information form the access database to a file and then use the Addusers to import this file and create the accounts. I believe it will allow you to import current passwords also.
0
 
GorGor1Author Commented:
That's exactly what I was looking for.  Thanks!
0
 
mikecrCommented:
No problem. Good luck!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now