• Status: Solved

Creating limited logons for access to a website in IIS 10

Hi,

What is the recommended way to create a limited login to an admin section for a specific website in Windows 2016 for a public-facing webserver in IIS?  I see several options: Basic/Digest/Windows authentication methods.  I'd like not to have to add a local account for each client if possible, but will if I need to.  Part of their admin functionality is to upload and manage images, if that has any impact.

Thanks!

--Ben
Ben Conner
Asked:
 
Dan McFadden, Systems Engineer, Commented:
What are you using to manage content on the website?  Usually this would be controlled in the application itself.  The authentication configuration is based on what technology the backend uses.

Dan
 
Ben Conner, CTO, SAS developer (Author), Commented:
Hi Dan,

This site uses ColdFusion.  I want to restrict access to the admin folder.  But for the sake of this question, let's say it was a static site and I didn't want a given folder to have public access.   ?

--Ben
 
Dan McFadden, Systems Engineer, Commented:
Ben,

It's not that simple.  If you want to control access to a specific folder (directory, URL) you need to have some way of indicating which user IDs can access that location.  Without doing this in code (of userIDs in the CMS) you will need to change the folder's permissions (ACLs) to limit what user IDs can enter the location.  This means having a local account (or domain account if needed) that has access to the resource.

Then you can enable BASIC or Windows authentication.  But I do not recommend any authentication which sends credentials without an SSL Certificate installed and properly configured on the site.

The best way to accomplish this would be to build the authentication functionality into the app at the code level.  Then enable authentication in the admin section of the site.

BTW, this process is the same for IIS7+.

How-to article:  http://www.iisunderground.com/password-protect-a-file-or-directory/

Reference links:
Basic Auth:  https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/basicauthentication
Windows Auth: https://docs.microsoft.com/en-us/iis/configuration/system.webServer/security/authentication/windowsAuthentication/

Dan
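Added example (not part of the thread, and not code from either poster): the steps described in the answer above, scripted with the WebAdministration module for one folder of one site. The site name, folder, physical path and group name are assumptions; the client accounts are assumed to exist already and to be added to the group separately.

```powershell
# Added example: restrict one folder of an IIS site. Run elevated on the web server.
# Requires the Basic Authentication role service (Web-Basic-Auth) to be installed.
Import-Module WebAdministration

$site   = 'Default Web Site'            # assumption: site name
$folder = 'admin'                       # assumption: folder to protect
$path   = 'C:\inetpub\wwwroot\admin'    # assumption: physical path of that folder
$group  = 'SiteAdmins'                  # assumption: local group for the client accounts
$loc    = "$site/$folder"
$auth   = '/system.webServer/security/authentication'

# 1. One local group, so the ACL names the group rather than each account.
if (-not (Get-LocalGroup -Name $group -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $group -Description 'Access to the site admin folder' | Out-Null
}

# 2. NTFS ACL: keep a copy of inherited entries, then drop the anonymous
#    identity and the generic Users group, and grant read/execute to the group.
icacls $path /inheritance:d
icacls $path /remove:g 'IUSR' 'BUILTIN\Users'
icacls $path /grant "${group}:(OI)(CI)RX"

# 3. IIS: anonymous off and Basic on, scoped to this location only.
#    Written to applicationHost.config, where these sections are unlocked.
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $loc `
    -Filter "$auth/anonymousAuthentication" -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $loc `
    -Filter "$auth/basicAuthentication" -Name enabled -Value $true

# 4. Require SSL for the folder so Basic credentials are never sent in clear text.
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $loc `
    -Filter '/system.webServer/security/access' -Name sslFlags -Value 'Ssl'

# 5. Read the settings back to confirm what is now in effect for the location.
foreach ($m in 'anonymousAuthentication', 'basicAuthentication') {
    $v = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $loc `
            -Filter "$auth/$m" -Name enabled).Value
    '{0,-26} enabled = {1}' -f $m, $v
}
(Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $loc `
    -Filter '/system.webServer/security/access' -Name sslFlags)
```

The ACL grant here is read/execute only; if the application writes uploaded files into this folder, the identity that performs the write needs its own modify permission.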
 
Ben ConnerCTO, SAS developerAuthor Commented:
Thanks, Dan.  Yes, this site has a cert.  No issues there.  Will take a look at the articles and see what I did wrong. :)

Thanks!

--Ben
Question has a verified solution.
