0

I have a site running on IIS6 and I want to make it authenticate via the standard gray pop-up window. I.e. it should use Windows to authenticate. I want to make it so only one single user on the system can get in, not any user setup on the server. Its currently setup without anonymous access and with Integrated Windows Auth. Any user on the system can use their credentials to log in. How do I make it so only a single user can get it?

Mark
  • 1,991
  • 6
  • 18
  • 18

2 Answers2

1

That sounds like two different problems... If you want your users to authenticate with the pop-up window (rather than just using their Windows credentials through NTLM or Kerberos), you would need to setup Forms Based Authentication (FBA) through ASP.Net (more information here: http://msdn.microsoft.com/en-us/library/aa480476.aspx)

As far as allowing only a single user to get in... you need to setup permissions (anonymous access will allow anyone in): http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/cf7f59d4-9ab9-4038-a482-d72d3e6f801e.mspx?mfr=true

Sean Earp
  • 7,207
  • 3
  • 34
  • 38
  • When I say the gray pop-up, I'm talking about the Windows auth pop-up. I am using Windows auth, not FBA -- I don't want FBA. I guess my question is, how can I lock down the folder security so ONLY a specific Windows user can log in, not all of them? – Mark Nov 23 '09 at 21:48
  • Aaah, gotcha. You can modify the NTFS permissions of the website (probably somewhere under C:\inetpub\wwwroot), or right-click the website in IIS Manager, choose permissions, and modify them there. – Sean Earp Nov 23 '09 at 22:00
  • Walkthrough here: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ea46e264-32db-47a0-b755-2c2262fcc078.mspx?mfr=true – Sean Earp Nov 23 '09 at 22:00
0

Yes you are correct there and that is how we are using it. We have multple websites on that server and our main site they are using LDAP to authenticate. We use local Windows Authentication on 2 other websites on that server.

I have setup the persmissions on the folder and it has worked for years with no issues till they started to mess with the authentication of LDAP. I know it is two serperate areas but we are seeing the same results. Once the user logs in the index.php, index.cfm nor does index.html display. remove authenication and it works with no issue. Its a funny problem to solve to be honest I am not sure if we have a DLL that may be bad but I show no errors in any logs.

The event viewer security log shows the user logged in successfuly but no webpage :(