authentication

[vasanth kumar]

Hi,

I am running IIS server for hosting webpages. For one of the folders I
want to enable the authentication. How to do this? My webpage is not asking
login/password, when the page is accessed in browser.

I don't want to maintain one more set of username & passwords. Server
has already username & passwords. I just want to use that facility. All I
need is only username in my scripts.

I want this authentication only for few pages/folders.

Any help appreciated.

Can somebody suggest me a good book.

Regards,
Vasanth

 

[Lord Merlin]

I might be wrong, but what you request can't really be done. You most
probably got an FTP username / password to upload the files. If you want
todo what you say, best bet is to create a simple login script, that can use
that username and password, and hardcode this username and password into the
files you want to secure. There are ways of securing a whole folder, but
AFAIK, that would have to be done from the server's side, by your server
Admin, if it's not yourself. I haven't done this myself yet, but I'm sure
others would tell you howto do that.

Here is a very very basic login script, which you can simply include at the
top of all your pages:

<%
iUsername = "this_is_your_username"
iPassword = "this_is_your_password"
fUsername = request..form("username")
fPassword = reuqest.form("password")

if iUsername <> fUsername & iPassword <> fPassword then
response.write("You need Administrative access for this page.<BR>")
server.execute("loginform.html")
response.end()
end if

simply said, if the username / password pair doesn't match, it displays a
form, where the user can enter his username / password, and this then gets
submitted to this script.

hth

--

Kind Regards
Rudi Ahlers
+27 (82) 926 1689

Greater love has no one than this, that he lay down his life for his friends
(John 15:13).
Hi,

I am running IIS server for hosting webpages. For one of the folders I
want to enable the authentication. How to do this? My webpage is not asking
login/password, when the page is accessed in browser.

I don't want to maintain one more set of username & passwords. Server
has already username & passwords. I just want to use that facility. All I
need is only username in my scripts.

I want this authentication only for few pages/folders.

Any help appreciated.

Can somebody suggest me a good book.

Regards,
Vasanth

 

[PW]

My webpage is not asking login/password, when the page is accessed in
browser.

----------------

Sounds like you're playing in the same area that I'm playing in right now
.... that is, becoming acquainted with windows security system. Here it is
in a nutshell ...

1. CREATE A USER
In order to cause windows to prompt the user for a username/password, first
you must create a user in the operating system. Therefore on the desktop
where you see the "My Computer" icon, right-click and select "manage". Go
to the "Local user and groups" section and open it, then go to the "Users"
section. Now right-click on the right hand side of the screen and select
"New User", then enter the details ... its pretty simple.

2. RESTRICT ACCESS
Now that you have your user setup, you need to restrict the website to only
that user. Go to the START menu, select RUN, then type "mmc" and press
enter. The "Microsoft Management Console" will appear. Now select the
"FILE" option from the menu and then "add/remove snap-in". A new box will
pop-up. Click the "ADD" button and select "Internet Information Services".
Click "ADD" and then "CLOSE". Now you have the IIS snap-in running. Now
within MMC navigate to the directory where your website resides.
Right-click on it and select "properties". Go to the "Driectory Security"
tab and select the "Anonymous Access - EDIT" button. UN-tick everything
except the "basic authentication" option, and leave the "default domain" and
"realm" blank. Click OK.

3. ASSIGN USER ACCESS
Finally, start your normal windows explorer and navigate to your websites
directory once again. Right-click and select "properties". Go to the
"security" tab and click the "ADD" button to add the users name. Enter the
users name where it says "Enter the object names" then click the "check
names" button. You are now returned to the initial security box. Click
once on the name you just entered and tick "Full control" in the lower box,
and then click on the OK button.

Thats it. All users should now be challenged when they attempt to go to the
website. The user you just created should have access to get into it.

HTH,
PW