Solved

Restrict access to default website and company content from Internet unless authenticated, but allow anonymous access to some

Posted on 2006-06-16
1
249 Views
Last Modified: 2010-04-19
I have a company that has a custom database program accessable by browser on their LAN.  It automatically created a virtual directory which is accessable on the network, and all machines access it by IE.  Is it wise to have them ALWAYS authenticate first by their windows passwords, then type in a 2nd login to this jobtracker program?  Or let maybe Outlook Web Access, and JobTracker have anonymous web access and use their own credentials first.

At first whoever set this up for them had ALL sites from default site down restricted by IP to the internal LAN range, and nothing worked from outside the network.   So I changed that at Default site (but did not propogate it to anything in sub folders) and sure enough I could access both the default site and the /jobtracker/ subfolder from outside on the net.

  Not sure on the "best practice" here as I rarely do IIS stuff, so any advice is appreciated.  How should I restrict IPs?  How should authentication be handled?  

Thanks
0
Comment
Question by:pcns09
1 Comment
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 125 total points
Comment Utility
The Best Practice on an SBS is to run the Configure Email and Internet Connection Wizard (CEICW -- linked as Connect to the Internet in the Server Management Console) and let that wizard handle modifying the permissions on the IIS virtual directories.

When the JobTracker site was created, it should probably have not been created under the default site.  It would have been better to create a new site and give it a host header, the same way that Companyweb is configured.

But in either case, there should be no reason that a user should have to type their windows password when the site opens if they are already authenticated on the LAN.  While the IIS Directory Security should be set to Integrated Windows Authentication, if it's requesting their password again, then their settings aren't right in IE under Tools > Internet Options > Security > User Authentication.

Jeff
TechSoEasy
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now