• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 247
  • Last Modified:

password protecting entire directories on windows server

i've got a website on a windows server (hosted elsewhere, not with me).  i need something LIKE htaccess to protect an entire directory on the site.  does anyone know the most secure way to do this?

thanks,
code_red
0
code_red
Asked:
code_red
  • 9
  • 7
1 Solution
 
humeniukCommented:
The conventional way is to create local or domain users and grant/deny them specific permissions using NTFS permissions.  I take it that you are looking for an alternative that is more like using an htaccess file.  If I am correct in this, take a look at IIS Password at www.snapfiles.com/freeware/server/fwiis.html.

BTW - credit is due to meverest as I am only aware of this because he recommended it in a different thread (www.experts-exchange.com/Web/Web_Servers/IIS/Q_21390483.html).  I downloaded it to try it out and it's very useful.
0
 
code_redAuthor Commented:
i can't use this with a server that i'm not hosting, can i?  i'm hosting with another company.  i was under the impression that i could only use IIS Password if it was on my own server/hard drive.

code_red
0
 
humeniukCommented:
Hmmm, you probably can't, though you may want to check with your host.  Some are much more open to helping you with this sort of thing than others.  While you're at it, you may want to ask them if there's a simple way to do this with whatever their setup/config is.

Otherwise, you may want to consider using some server-side scripting method of setting up user authentication.  There are some very good user authentication scripts available.  If this is of interest to you, let me know whether you are using ASP or PHP.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
code_redAuthor Commented:
i've talked to the host time & time again...they cannot offer me any help.  they say i have to find the scripts myself.  

i'm using ASP.  i would like something that is secure, of course.  thanks for your help.
0
 
humeniukCommented:
I was hoping you were going to say that you use PHP because that's what I use and I could point you in the direction of a couple of scripts that I've used and like :)  However, since you are using IIS, it makes sense that you'd be using ASP too.

There are several ASP user authentication scripts available at HotScripts (see www.hotscripts.com/ASP/Scripts_and_Components/User_Authentication).  I would recommend you take a look and see which one best suits your requirements.  I'm sorry that I can't recommend a specific one, but without having used any of the ASP scripts, I'm not really in a position to do so.
0
 
humeniukCommented:
Another option would be to ask for recommendations in the ASP TA (www.experts-exchange.com/ASP).
0
 
code_redAuthor Commented:
well, i usually use PHP, where in that case, i would use htaccess.  unfortunately, we were having problems with their web forms using php and the information 'disappearing' in IE when the user went 'back', then the user's info from that page would not be submitted, even though they thought it would be.  it was very frustrating that no matter what i did, i ended up with the same result - missing information.

have you come across this problem?  if so, how did you resolve it (without using a database - they don't have that kind of cababilities right now)?
0
 
humeniukCommented:
". . . information 'disappearing' in IE when the user went 'back' . . ."
That's an IE trait that I've experienced while using many sites, including E-E.  It's one of many reasons I switched to Firefox.  I suspect there is no web dev way around it, but I'm not a browser expert.
0
 
code_redAuthor Commented:
well, the problem would not so much be the info disappearing for the user, but when the user re-enters the info, it still doesn't come thru to the fwrite.  personally, i use firefox as well, but unfortunately, 90% of the world uses IE, so I have to develop the forms to work with that.

i guess i'll move on.  thank you for trying.
0
 
humeniukCommented:
Ah, I see.  Yes, you do have to be mindful of the IE dominance when you are developing a site even if you've chosen to make your own life easier by using Firefox :)

You might do well to ask about this in Web Dev section.  I typically use a database for this sort of thing as you noted above.
0
 
code_redAuthor Commented:
would it be alright if i deleted this question, since i will need to post it elsewhere to get help?

thanks.
0
 
humeniukCommented:
IMHO - Your original question was about secure ways to password protect an entire directory and that question has been answered.  It is only the largely unrelated follow-up questions that haven't been answered (and which probably should have been asked as new questions elsewhere).

If you disagree, you can post a request to close the question in Community Support (www.experts-exchange.com/Community_Support) and have a moderator decide what is most appropriate.
0
 
code_redAuthor Commented:
the answer you gave me about IIS password will not work with the server I'm forced to use.  everything i've found on ASP password protecting will not allow me to password protect entire directories.

i'll look into it some more.  sorry i offended you.
0
 
humeniukCommented:
I'm not offended, I just disagree :)

I took a look and you are correct that most of the solutions at the Hotscripts link I provided are more suitable to secure individual files rather than entire directories.  However, given how server side languages work, you are not going to find a solution that does not require you to include at least a little bit of code on each of the individual pages you want to protect.  If that does not suit your purposes, then the real answer is that you can't do what you want to do unless you switch to a host that will allow you to use the ISAPI solution above, which would be preferable anyway.
0
 
code_redAuthor Commented:
thank you.  i was looking at the VT Auth on hotscripts.  i'm not sure, but it SEEMS like it will work...i'll have to try it out first though.  yes, i cannot put the script on each page i want protected b/c the forms write the results to their own txt file in that secure folder.  ah well, i had hoped i'd get the answer i needed at EE.  who knows, may the VT Auth will work!

thanks for your time...
0
 
humeniukCommented:
Good luck with the script.  I'd be interested to hear how it works out.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 9
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now