Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Restrict access to default website and company content from Internet unless authenticated, but allow anonymous access to some

Posted on 2006-06-16
1
Medium Priority
?
271 Views
Last Modified: 2010-04-19
I have a company that has a custom database program accessable by browser on their LAN.  It automatically created a virtual directory which is accessable on the network, and all machines access it by IE.  Is it wise to have them ALWAYS authenticate first by their windows passwords, then type in a 2nd login to this jobtracker program?  Or let maybe Outlook Web Access, and JobTracker have anonymous web access and use their own credentials first.

At first whoever set this up for them had ALL sites from default site down restricted by IP to the internal LAN range, and nothing worked from outside the network.   So I changed that at Default site (but did not propogate it to anything in sub folders) and sure enough I could access both the default site and the /jobtracker/ subfolder from outside on the net.

  Not sure on the "best practice" here as I rarely do IIS stuff, so any advice is appreciated.  How should I restrict IPs?  How should authentication be handled?  

Thanks
0
Comment
Question by:pcns09
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 375 total points
ID: 16924702
The Best Practice on an SBS is to run the Configure Email and Internet Connection Wizard (CEICW -- linked as Connect to the Internet in the Server Management Console) and let that wizard handle modifying the permissions on the IIS virtual directories.

When the JobTracker site was created, it should probably have not been created under the default site.  It would have been better to create a new site and give it a host header, the same way that Companyweb is configured.

But in either case, there should be no reason that a user should have to type their windows password when the site opens if they are already authenticated on the LAN.  While the IIS Directory Security should be set to Integrated Windows Authentication, if it's requesting their password again, then their settings aren't right in IE under Tools > Internet Options > Security > User Authentication.

Jeff
TechSoEasy
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question