Solved

How To Get IIS-7 To Prompt For UID & P/W?

Posted on 2015-01-21
7
88 Views
Last Modified: 2015-01-21
Hello All...

We're newbies at this, so please bear with us on this.

We have used the ReCrystallize Pro software, which requires you to do this via IIS-7, to build a "WEB" Based Crystal Reporting portal, but we are *VERY* concerned about exposing our Server/Access to the general public at large.

All we want to accomplish here, is to allow certain end-users, whom we know, to use whichever web browser on whichever mobile device they own (Tablet, Smartphone, Desktop Computer away from their corporate building), to be able to run reports as needed.  Simple, simple.

We "think" we can use something like "https", and require a UserID & Password, to lock this down...are we correct here?  And, specifically, how do we go about doing this?  Any other suggestions?  We are not technical when it comes to IIS/Web configuration, so please be gentle and simple :-)

Thank you very much!...Mark
0
Comment
Question by:datatechcorp
  • 4
  • 3
7 Comments
 
LVL 4

Accepted Solution

by:
Praveen Kumar Bonala earned 500 total points
ID: 40562931
Hi ,
we have 4 authentication methods in IIS
Anonymous, Basic, integrated, Digest authentication methods.

Where Anonymous never ask for password and remaining 3 methods prompt for password for end user.

1. open IIS management console


2.In Features View, double-click Authentication.


3.On the Authentication page, select Basic Authentication.


4.In the Actions pane, click Enable to use Basic authentication with the default settings.


5.Optionally, in the Actions pane, click Edit to type the default domain and realm.


6.In the Edit Basic Authentication Settings dialog box, in the Default domain text box, type a default domain or leave it blank. Users who do not provide a domain when they log on to your site are authenticated against this domain.


7.In the Realm text box, type a realm or leave it blank. In general, you can use the same value for the realm name as you used for the default domain.

similarly you can try other authentication methods, check following link for reference...

https://technet.microsoft.com/en-us/library/cc733010(v=WS.10).aspx
0
 

Author Comment

by:datatechcorp
ID: 40562962
Hi Praveen...

Thank you *soooooo* much for responding.  Question...will implementing "Basic Authentication"...be enough of a stop gap...to harden both our Web Portal (i.e. the ReCrystallize piece) AS WELL as the Windows 2008 Server that the IIS resides on...from being hacked?  Is this the right approach?  Please let me know...it's very much appreciated!

Thanks!...Mark
0
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
ID: 40563002
Yes,
you can proceed as per my knowledge it's right approach. Other wise you can go with Client certificate Mapping.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:datatechcorp
ID: 40563012
Hmmm...client certificate mapping...that sounds more secure (again, please excuse me...I'm a newbie :-)...

How do you implement something like that?  Is it a simple process?  Please let me know...Thanks!...Mark
0
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
ID: 40563081
This task includes the following procedures:

Map Client Certificates One-to-One (IIS 7)

Map Client Certificates Many-to-One (IIS 7)

Map Client Certificates by Using Active Directory Mapping (IIS 7)

Please check following link to know about client certificate(Must read to understand concept...very simple)
https://technet.microsoft.com/en-us/library/cc732996(v=ws.10).aspx

Please check following link for step by step procedure to implement certificate maping

http://www.jayway.com/2014/10/27/configuring-windows-local-iis-to-use-your-self-signed-certificates-with-your-application/
0
 

Author Comment

by:datatechcorp
ID: 40563316
Thanks again Praveen...you've been *very* helpful!  Have a great day!...Mark
0
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
ID: 40563420
Thank you....
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question