Solved

usernames+passwords with IIS

Posted on 2002-03-15
10
278 Views
Last Modified: 2010-04-14
I just replaced my Linux server with Win2k adv. server.  I'm use to using Apache, so IIS is a little confusing.  I have a list of a hundred usernames and passwords.  It appers that, with IIS, I won't be able to simply put in a .htacess file in my directory that I want protected on the web.  I also definitely don't want to manually create hundreds of real users for authentication.  I'm aware that I can encrypt the passwords and keep a list of users and pass's in an Access Database, and using ASP I can authenticate a user that way.  However, my understanding is that it won't BLOCK the directory and all subdirectories using ASP.  How can I 'emulate' the Apache way of user authentication in IIS.  In other words, I want to block the directory unless the user is in my file list containing users and pass's.  I want the pop-up username and password prompt also.  With ASP, it appears that I'd have to use a form and won't get the prompt.

I also realize that I can install Apache for Windows.  I don't really want to do that because I got away from Linux for a reason.  I like the integrated environment of Windows.

Any suggestions would be greatly appreciated.  Thanks!
0
Comment
Question by:GorGor1
  • 4
  • 3
  • 3
10 Comments
 
LVL 3

Expert Comment

by:slang9
ID: 6868598
One way to do it is to create a Web Access group in AD and add user accounts to that group. Then restrict access to the inetpub directory on the IIS server to that group. Use integrated windows authentication, and the pop-up username and password will be used.
HTH
0
 
LVL 17

Expert Comment

by:mikecr
ID: 6868634
Either way, your going to have to create some accounts if you want to use integrated authentication with IIS. The accounts can either reside in AD or you can create them directly on the IIS box. You will change the site to Windows Authentication only in the security properties of the IIS site, and they will be prompted for a login. You will either need to create a group to house them and give the group access to the web folder to get into the site, in AD or on the IIS server itself. I'm not sure if there are any tools that you can use to export account information from Apache and import it into IIS but you would think there might be.
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6869289
How in the world am I suppose to use Windows Authentication when I have a list of hundreds of usernames and passwords that have to allow access to the restricted area?  I surely can't create hundreds of user accounts (belonging to a web access group) by hand.  Is there any way to use Windows Authentication and check the user's authentication against a MS Access database instead of adding individual users?  Any ideas?
0
 
LVL 3

Expert Comment

by:slang9
ID: 6869353
By restricting access through group membership, you then follow mikecr's direction to enable access inside of IIS.
Adding the individual accounts from your domain into the new group, while a large task will only take a second or two par account. The group is all that needs to be created.
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6869441
I require a little more info in the form of an example:

If I have users and pass's  user:pass...

user1:pass1
user2:pass2
user3:pass3
.
.
.
userN:passN

How would I go about giving each user access to the restricted web directory without manually creating each individual user as a real network user (whether or not they belong to the same group) and entering the password for each user.

I guess I'm just not getting it.  I'm new to the win2k (server) environment.  Could someone explain it step-by-step for me?  I can't find this kind of how-to on microsoft or anything.  I'll increase the points for a step-by-step.  Thanks again!
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 3

Expert Comment

by:slang9
ID: 6869526
Are you using Active Directory?
Create a new user group in your domain. Name it whatever works for you.
Add the members you want to have access to this resource into the group.
On the Web Server, right-click on the Inetpub directory and choose properties. On the security tab, add access rights for the group you created. Read and execute ought to be plenty.
In Inetnet Services Manager, choose the website in the left pane and right-click, choose properties. On the directory security tab, click on the edit button under the anonymous access and authentication control section, near the top. Clear the anonymous check box at the top, and click on the Integrated Windows Authentication checkbox on the bottom.
Now the only folks who can get to the site will be the users who have membership in the group you created, and they'll get the login box asking for username, password, and domain when they go to the site.
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6869595
ok, BUT...I don't want to manually enter hundreds of usernames and passwords.  Is there a way to automate it??
0
 
LVL 17

Accepted Solution

by:
mikecr earned 150 total points
ID: 6876551
There is a command called Addusers in the Windows 2000 resource kit that will allow you to automate creating users by using a file. You could export your information form the access database to a file and then use the Addusers to import this file and create the accounts. I believe it will allow you to import current passwords also.
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6878957
That's exactly what I was looking for.  Thanks!
0
 
LVL 17

Expert Comment

by:mikecr
ID: 6879687
No problem. Good luck!
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
We have come a long way with backup and data protection — from backing up to floppies, external drives, CDs, Blu-ray, flash drives, SSD drives, and now to the cloud.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now