IIS file password protection

Posted on 2012-09-19
Medium Priority
Last Modified: 2012-09-20
I'm a newby with IIS and have been asked specifically to learn password protecting files for a job interview.

Assuming I am understanding the exact request correctly, here is what I am attempting to do.  I'm trying to get prompted for a login when a user named jethro attempts to access file1.htm.  The user account jethro has been added to local users and groups.  Windows authentication is enabled in IIS authentication.   Anonymous authentication is disabled.  I believe I did it exactly the way the youtube tutorial below says.  For some reason his works and mine doesnt.  He clicks on file1 and gets prompted for a login.  I click on file1.htm and the file opens without allowing me to put in jethro's credentials.

Does anything pop in anyones mind about what I might be missing?  I dont expect anyone to actually watch the youtube but its there just in case someone wants to see exactly what I am trying to do.

Question by:anthtaddeo
  • 3
  • 2
LVL 35

Expert Comment

ID: 38417535
As you deal with NTFS permissions, investigate your group membership and see, if you are a member of a group, which gets permissions by the group membership.
So, if you are admin, you inherit the permissions from the admins group.

Second, IE stores the user, so if you logon before, the browser keeps your logon as long as you are visiting the site.
So just close the broser (all browser windows) before you try it again.

Author Comment

ID: 38418634
Thank  you! I think you are correct about the NTFS permissions.  Now I am finding it does work but just not the way it does for the guy in the video so I'm confused.  If someone can help open up my understanding it would be greatly appreciated.

When I was doing this I was logged in as admin.  Reason being is the guy in the video never switched users when testing out his work so I think he was doing this from an admin account as well "having admin permissions".  Basically though, I was expecting to go to the home page "still logged in as admin".  Once I was on the home page I was expecting to click on a link "file1.htm".  When clicking on this link is when I was expecting to get prompted for a password.  It never made sense to me to begin with because  I never configured that specific file to do anything like this.  However, this is how it seemed to work for the guy in the video and I dont understand where I am going wrong.

After the Bembi post, I decided to switch the user to Jethro.  Now when going to localhost, I get prompted to log in but here is the problem.  My goal is to password protect a specific file on the homepage.  Not the homepage itself.  Somehow it worked for the guy in the youtube I provided but it makes no sense to me because I dont understand what he did to make that link "file1.htm" link throw up a login box.
LVL 35

Accepted Solution

Bembi earned 2000 total points
ID: 38418723
Not quite difficult.
He created a default.htm with the three links.

Default.htm is accessable for all users...
Link 1 (file1.htm) is a second file in the rule, and there he changed the permissions (Users group out, Jason in).
the other two links he set the permission on the folder, was is then inherited to the files.
So he throwed users out and out elly in.

But not for the main page, what is default.htm.

Also keep in mind, that the owner of a file (the creator) all the time has full permissions, as long as the owner is not changed. If you create a file, you have full permissions by default.
In the security tab, you have also an owner tab to change the owner.

Author Comment

ID: 38419073
It worked and makes perfect sense now.   I've read about permissions but this excercise  and your assistance provided a better understanding.  Thanks a lot.  I really appreciate it.

Author Closing Comment

ID: 38419082
Bembi was right on

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question