[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

IIS 6 - Intranet, Protected Directories and access for certian network groups

Posted on 2007-03-26
7
Medium Priority
?
387 Views
Last Modified: 2008-02-01
We have a local Intranet.  I have searched the forum and have not found the answer I am looking for.  We are using Windows 2003, IIS 6 and we have an Active Directory system.  Here is what I want to accomplish.

IT wants to have their own directory of documents that is secure so no other departments can have access.  I do not want IT users to be prompted for a userid and password.  I would like the system to know what Active Directory group they are apart of and allow access.  In IIS 6, I open the Intranet website and choose the folder ITS.  I right click and go to Permissions.  Now here is where I get stuck.  I have no idea what to edit.  It looks as if I can add the IT group but I am unsure and do not want to screw anything up.

I know I can use a database with a list of users and use ASP.NET to grab the user name, compare and allow access if needed but that means I have to keep that list updated.  I would like to utilize the IT group that is in the network system.

Thanks for the help
0
Comment
Question by:hcaadev
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18795698

If you're using ASP.NET to handle your security and you happen to be using Integrated or Forms based authentication you should be able to pick up information such as Group Membership using System.DirectoryServices.

How are you currently handling authentication?

Chris
0
 

Author Comment

by:hcaadev
ID: 18795798
We don't really have any on the Intranet.  Anyone in our domain can access the Intranet.  We have a couple of applications that only specific users can access.  We have programmed the allowed users in the database the the program utilizes.  We grab the user id using asp.net and verify with the database to see if they are allowed.  This works great for these programs since there are a small number of users.

How would you code what you are talking about using System.DirectoryServices?  Again, what I am trying to do is to restrict non IT users from viewing a web page that is accessible from the Intranet.  If an IT user clicks on the IT link, the system will know they are from IT and allow access.  If the user is non-IT than no access will be granted.  I do not want to have to manage the users.  I would rather we use the group that the Active Directory Admin updates.

options?  
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 18798128
You could simply secure the contents on the file system by only allowing the 'IT Group' to have Read permissions and then set the directory to use Integrated Authentication in IIS.

If the user isn't part of that group they will be prompted for credentials but won't be able to get in.

Dave Dietz
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1000 total points
ID: 18798403

That would certainly be easier.

Developing something to authenticate them against AD isn't really trivial.

Chris
0
 

Author Comment

by:hcaadev
ID: 18800608
Can anyone walk me through the IIS Setup?  

- When I go into IIS and expand Websites, I see my website Intranet
- I highlight and right-click a folder (test)
- I go to permissions and see
   - Administrators
   - IIS_WPG
   - Internet Guest Account
   - System
   - USers

How can I make this directory accessible to only those who are in the IT Group?

thanks
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 1000 total points
ID: 18800671

Leave IIS_WPG, Administrators and System. Remove Internet Guest Account and Users. Add in a group that covers the members of IT.

Chris
0
 

Author Comment

by:hcaadev
ID: 18801154
Thanks Chris-Dent and Dave_Dietz!!  The solution worked.  I gave Chris the most points since he helped the most and gave Dave some points for his answer as well.  I hope you both agree.  Have a great day.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question