www.webdeveloper.com

Thread: [RESOLVED] IIS settings for secure web access

  1. #1
    Join Date
    Nov 2002
    Location
    Norwood, MA
    Posts
    187

    [RESOLVED] IIS settings for secure web access

    Greetings,

    I'm really struggling with this one, and any suggestions are welcome! My modest suite of in-house developed applications in (eek! I know, and please forgive me) MS Access 2003, running on a Windows 2003 server with IIS 6.0, has run into a major security snag.

    In order for integrated authentication to work, and therefore allow or restrict pages, form fields, etc., we've had to allow read and execute access to all our domain users. The issue is that this means they can open the shared folder and browse records at their leisure, should they figure out where to go to open the database files.

    Is there any possibility to set up access for domain users to see the web application and pass on their Windows credentials, without having to grant any folder access? Or, conversely, can the MS Access databases be locked down for shared folder access, while still allowing web application access?

    Thanks very much in advance!

    Me

  2. #2
    Join Date
    Dec 2002
    Location
    Calgary, Canada
    Posts
    6,120
    Never done it in this manner, but shouldn't you be able to achieve this by going to the Security tab and ONLY allowing the IIS default user to access the folder where the database files are?
    Cheers

    Khalid


  3. #3
    Join Date
    Nov 2002
    Location
    Norwood, MA
    Posts
    187
    I wish... But no... Since we're using integrated authentication, the individual users apparently need access to the share. Otherwise, they can't open web pages. And they also need write access, or they won't be able to create and update records. Any more hints???

  4. #4
    Join Date
    Nov 2002
    Location
    Norwood, MA
    Posts
    187
    Thanks to intervention from Microsoft (definitely worth the flat fee they charge per incident), we were able to identify the problem. Instead of using the network path to identify the website location on the "Home Directory" tab of the IIS properties, we were using the local drive path. That was all that needed to be changed.

    Once we switched to the network path and added a dedicated service account to "Connect As...", impersonation started working right away. Users pass their logged-on credentials via integrated authentication (no logon required) and the service account takes care of executing their actions on the database file.

    Access to the shared folder is limited to a brief list of administrators, and data access on the web application is limited based on user names.

    If anyone is stuck with this and needs help, let me know!
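
One way to verify the end state described in the last post, that only a short list of administrators plus the "Connect As..." service account hold access to the database folder. This is an added example, not code from the thread; the account name `CONTOSO\svc-webapp` is a placeholder and the temp folder is a constructed stand-in for the real database folder. It assumes Windows PowerShell is available on the server.

```powershell
# Added example: lists every Allow entry on a folder's NTFS ACL that is
# NOT in an expected allow-list. All identity names are placeholders.
function Find-UnexpectedFolderAccess {
    param(
        [Parameter(Mandatory = $true)] [string]   $Path,
        [Parameter(Mandatory = $true)] [string[]] $AllowedIdentities
    )
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        # Deny entries only reduce access, so only Allow entries are findings.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $who = $ace.IdentityReference.Value
        # -notcontains compares case-insensitively, matching Windows account names.
        if ($AllowedIdentities -notcontains $who) {
            New-Object PSObject -Property @{
                Identity  = $who
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # True means fix it on a parent folder
            }
        }
    }
}

# Expected state: administrators, the OS, and the IIS "Connect As..." account.
$allowed = @(
    'BUILTIN\Administrators',
    'NT AUTHORITY\SYSTEM',
    'CONTOSO\svc-webapp'        # placeholder service account name
)

# Constructed stand-in folder so the script runs as-is; replace with the
# folder that holds the database files.
$folder = Join-Path $env:TEMP 'acl-audit-demo'
New-Item -ItemType Directory -Path $folder -Force | Out-Null

$findings = @(Find-UnexpectedFolderAccess -Path $folder -AllowedIdentities $allowed)
if ($findings.Count -gt 0) {
    # Broad groups such as Domain Users or Everyone showing up here means
    # the folder is still browsable outside the web application.
    $findings | Format-Table Identity, Rights, Inherited -AutoSize
} else {
    'Only the allow-listed identities hold Allow entries on this folder.'
}
```

This reads NTFS permissions only; share-level permissions are set separately and need their own review.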
