IIS sub directory - how to allow authorized users access only for users that have logged on to a website
Restricting access of a .pdf document (e.g. 'Reader.pdf') to internal caller only.
Website IP address is 184.108.40.206. The test directory to use is '/p1search'.
In IIS, under the "Security" tab of "Properties" of a particular directory (e.g. '/p1search'), the top part of the dialog box is "Enable anonymous access". If checked, one specifies an account, whose default is 'IUSR_WINDOWS2003' (Internal Guest Account). The others are 'IWAM_WINDOWS2003' (Launch IIS Process Account), 'Administrators', 'ASP NET', 'VUSER_WINDOWS2003' (?), etc. If not checked, it doesn't ask for an account.
The bottom part of this dialog box has four checkboxes: 'Integrated Windows authentication', 'Digest authentication for Windows domain servers', 'Basic authentication (password is sent in clear text)', and '.NET Password authentication'.
The objective, using this security dialog box, is to restrict access to a particular directory ('/p1search') to callers that originate from within the same website (e.g. 220.127.116.11) alone, i.e. any URL of the form "<directory><filename>" is accessible; whereas any URL of the form "http://
name>" (e.g. 'http://18.104.22.168/p1search/Reader.pdf') has access to be denied. When I set the anonymous account to 'ON' using IUSR_WINDOWS2003, this particular directory is accessible, including through a URL of the form "http://
name>" (this URL is entered in the Address text box of Internet Explorer (or of Firefox)); furthermore, the Google crawler can access this directory. But I want to disable such access. The only way to access this directory ('/p1search') is to be called from an .asp program's <a href="<directory><filename>" (e.g. '../p1search/Reader.pdf'), where this caller .asp program resides on the same server as this particular directory ('/p1search'), and at the same website address ('22.214.171.124').
If it is not done with the 'Security' dialog box, then right-clicking on a particular directory (e.g. '/p1search') and choosing the submenu item 'Permission' may be the way. In there, there are various system accounts (IUSR_WINDOWS, IWAM_WINDOWS, Administrators, ASP Net, etc.), each capable of having permission parameters set. The problem is WHICH account should be set to 'enabled', and which one should be set to 'denied'.