J
John Davis
Anyone knows how to create the username/password authorization dialog in
ASP?
Thanks,
John
ASP?
Thanks,
John
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
J
John Davis
Do you mean to go to "Directory Security" Tab, and click "Edit" button in
Anonymous access and authentication control? And then check "Basic
authentication." ?? How about the ASP source code? How to invoke the
username/password dialog?
Thanks,
John
Anonymous access and authentication control? And then check "Basic
authentication." ?? How about the ASP source code? How to invoke the
username/password dialog?
Thanks,
John
C
Curt_C [MVP]
yes..... Turn off Anonymous.
The popup login box is built-in and automatic
The popup login box is built-in and automatic
J
John Davis
Thanks, but how to set the username and password. I did that in Anonymous
User Account, but it seems not working. Also, what is the checkbox "Allow
IIS to control password" means??
Please advice, thanks!
john
User Account, but it seems not working. Also, what is the checkbox "Allow
IIS to control password" means??
Please advice, thanks!
john
P
Phrederik
William Tasso said:That would do it.
Using Windows or Basic authentication there is no need for asp to do
anything. IIS takes care of ensuring authentication. Useful if your
visitors are mapped to user names on the server.
But I find that this doesn't work with many browsers. Opera 7 just
reports an unknow authentication error (or something similar). IE on
my old Mac would prompt for user information, but it could not
authenticate any user I entered. It all works fine on my XP machine
with IE6 of course.
P
Paul White
John Davis said:Thanks, but how to set the username and password. I did that in Anonymous
User Account, but it seems not working. Also, what is the checkbox "Allow
IIS to control password" means??
On your desktop, go to "My Computer",
right-click and select "Manage",
then "Local users and groups",
then "Users", right-click, add new user.
M
Matt
I want to add security in ASP application.
When the user go to http://localhost/myproject/index.asp, I want it will pop
up an username/password authentication dialog box.
Here's the steps I did, but still not working.
1. In computer management, add an user "admin" that should have permission
to the page
2. In IIS console, right click the file index.asp, and click properties >
File Security > Edit, and click Edit button under Anonymous access, and add
user "admin" in Anonymous User Account window.
3. Uncheck Anonymous access check box
4. Click OK button
Then it should provide security access to index.asp only, but not other
files. But still not working either way. Please advise!
Thanks,
Matt
When the user go to http://localhost/myproject/index.asp, I want it will pop
up an username/password authentication dialog box.
Here's the steps I did, but still not working.
1. In computer management, add an user "admin" that should have permission
to the page
2. In IIS console, right click the file index.asp, and click properties >
File Security > Edit, and click Edit button under Anonymous access, and add
user "admin" in Anonymous User Account window.
3. Uncheck Anonymous access check box
4. Click OK button
Then it should provide security access to index.asp only, but not other
files. But still not working either way. Please advise!
Thanks,
Matt
K
Ken Schaefer
You need to:
a) uncheck the "Allow Anonymous Access" box
b) check the "Basic" and/or "integrated Windows Authentication" box
c) change the NTFS permissions to give your user account access
d) If you are using Internet Explorer -and- Integrated Windows
Authentication, then http://localhost is in the Intranet zone, and IE will
automatically logon for you (so you wont' see the logon dialogue box).
Instead, try http://127.0.0.1 which IE will think is in the Internet zone
Cheers
Ken
: I want to add security in ASP application.
: When the user go to http://localhost/myproject/index.asp, I want it will
pop
: up an username/password authentication dialog box.
:
: Here's the steps I did, but still not working.
: 1. In computer management, add an user "admin" that should have permission
: to the page
: 2. In IIS console, right click the file index.asp, and click properties >
: File Security > Edit, and click Edit button under Anonymous access, and
add
: user "admin" in Anonymous User Account window.
: 3. Uncheck Anonymous access check box
: 4. Click OK button
:
: Then it should provide security access to index.asp only, but not other
: files. But still not working either way. Please advise!
:
:
: Thanks,
: Matt
:
:
:
:
:
:
a) uncheck the "Allow Anonymous Access" box
b) check the "Basic" and/or "integrated Windows Authentication" box
c) change the NTFS permissions to give your user account access
d) If you are using Internet Explorer -and- Integrated Windows
Authentication, then http://localhost is in the Intranet zone, and IE will
automatically logon for you (so you wont' see the logon dialogue box).
Instead, try http://127.0.0.1 which IE will think is in the Internet zone
Cheers
Ken
: I want to add security in ASP application.
: When the user go to http://localhost/myproject/index.asp, I want it will
pop
: up an username/password authentication dialog box.
:
: Here's the steps I did, but still not working.
: 1. In computer management, add an user "admin" that should have permission
: to the page
: 2. In IIS console, right click the file index.asp, and click properties >
: File Security > Edit, and click Edit button under Anonymous access, and
add
: user "admin" in Anonymous User Account window.
: 3. Uncheck Anonymous access check box
: 4. Click OK button
:
: Then it should provide security access to index.asp only, but not other
: files. But still not working either way. Please advise!
:
:
: Thanks,
: Matt
:
:
:
:
:
:
M
Matt
Thanks Ken,
it pops up the logon dialog box when I try 127.0.0.1, but how about the
domain? How to set the domain? Even I don't type anything in domain, it is
still able to go to the page? Also, what do you mean "c) change the NTFS
permissions to give your user account access." I just added the user in
Anonymous User Account window in IIS console.
Please advise. Thanks!
it pops up the logon dialog box when I try 127.0.0.1, but how about the
domain? How to set the domain? Even I don't type anything in domain, it is
still able to go to the page? Also, what do you mean "c) change the NTFS
permissions to give your user account access." I just added the user in
Anonymous User Account window in IIS console.
Please advise. Thanks!
R
Roland Hall
: Thanks Ken,
: it pops up the logon dialog box when I try 127.0.0.1, but how about the
: domain? How to set the domain? Even I don't type anything in domain, it is
: still able to go to the page? Also, what do you mean "c) change the NTFS
: permissions to give your user account access." I just added the user in
: Anonymous User Account window in IIS console.
Matt...
Disabling the anonymous user setting in IIS requires you to use either Basic
or integrated Windows Authentication.
In the NTFS permissions settings at the file system level, on the Security
tab, add the domain user you want to have rights to login with. If
domain\user1 has rights, and domain\user2 tries to logon, they will be
denied. If you want more than one user, it is recommended to either use an
existing group or create a new one. Add the group to the NTFS permissions
so if users have to be added, deleted in the future, just add/remove them
from the group in your domain group. You will not have to revisit the NTFS
permissions or the IIS settings.
Setting the user as the anonymous user in IIS defeats the purpose of
disabling anonymous user access.
HTH...
--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
: it pops up the logon dialog box when I try 127.0.0.1, but how about the
: domain? How to set the domain? Even I don't type anything in domain, it is
: still able to go to the page? Also, what do you mean "c) change the NTFS
: permissions to give your user account access." I just added the user in
: Anonymous User Account window in IIS console.
Matt...
Disabling the anonymous user setting in IIS requires you to use either Basic
or integrated Windows Authentication.
In the NTFS permissions settings at the file system level, on the Security
tab, add the domain user you want to have rights to login with. If
domain\user1 has rights, and domain\user2 tries to logon, they will be
denied. If you want more than one user, it is recommended to either use an
existing group or create a new one. Add the group to the NTFS permissions
so if users have to be added, deleted in the future, just add/remove them
from the group in your domain group. You will not have to revisit the NTFS
permissions or the IIS settings.
Setting the user as the anonymous user in IIS defeats the purpose of
disabling anonymous user access.
HTH...
--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
T
Tom Kaminski [MVP]
Matt said:I want to add security in ASP application.
When the user go to http://localhost/myproject/index.asp, I want it will pop
up an username/password authentication dialog box.
Here's the steps I did, but still not working.
1. In computer management, add an user "admin" that should have permission
to the page
2. In IIS console, right click the file index.asp, and click properties >
File Security > Edit, and click Edit button under Anonymous access, and add
user "admin" in Anonymous User Account window.
3. Uncheck Anonymous access check box
4. Click OK button
Then it should provide security access to index.asp only, but not other
files. But still not working either way. Please advise!
See the relevant article(s) for you OS/IIS:
IIS 5 Documentation
http://www.microsoft.com/windows2000/en/server/iis/
Microsoft Internet Information Server
Administration
Server Administration
Security
Authentication
Access Control
IIS 6 Documentation
http://www.microsoft.com/technet/pr...r2003/proddocs/standard/gs_authentication.asp
HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000
http://support.microsoft.com/?id=310344
HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or
Windows NT 4.0
http://support.microsoft.com/?id=325358
HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;324274
Make sure you disable simple file sharing in XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;304040
T
Tom Kaminski [MVP]
Ken Schaefer said:You need to:
a) uncheck the "Allow Anonymous Access" box
FWIW, I like to say "uncheck the 'Allow Anonymous Access' box AND/OR remove
IUSR_servername from the NTFS permissions on the content."
K
Ken Schaefer
If you just remove IUSR_<machinename> NTFS permissions, and you do not check
any of the other authentication mechanisms, you will just generate a HTTP
error (since the impersonated account can not get access, and you haven't
specified a method that the server will accept for accepting credentials
from the browser). By default IWA is also checked, so usually that would
work.
That's why I laid out several steps:
a) uncheck allow anonymous
b) check one of the *other* authentication mechanisms
c) adjust NTFS permissions so that the groups that are supposed to have
access have appropraite NTFS permissions (not just "anyone"
Cheers
Ken
: : > You need to:
: >
: > a) uncheck the "Allow Anonymous Access" box
:
: FWIW, I like to say "uncheck the 'Allow Anonymous Access' box AND/OR
remove
: IUSR_servername from the NTFS permissions on the content."
:
: --
: Tom Kaminski IIS MVP
: http://www.iistoolshed.com/ - tools, scripts, and utilities for running
IIS
: http://mvp.support.microsoft.com/
: http://www.microsoft.com/windowsserver2003/community/centers/iis/
:
:
:
any of the other authentication mechanisms, you will just generate a HTTP
error (since the impersonated account can not get access, and you haven't
specified a method that the server will accept for accepting credentials
from the browser). By default IWA is also checked, so usually that would
work.
That's why I laid out several steps:
a) uncheck allow anonymous
b) check one of the *other* authentication mechanisms
c) adjust NTFS permissions so that the groups that are supposed to have
access have appropraite NTFS permissions (not just "anyone"
Cheers
Ken
: : > You need to:
: >
: > a) uncheck the "Allow Anonymous Access" box
:
: FWIW, I like to say "uncheck the 'Allow Anonymous Access' box AND/OR
remove
: IUSR_servername from the NTFS permissions on the content."
:
: --
: Tom Kaminski IIS MVP
: http://www.iistoolshed.com/ - tools, scripts, and utilities for running
IIS
: http://mvp.support.microsoft.com/
: http://www.microsoft.com/windowsserver2003/community/centers/iis/
:
:
:
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.
Similar Threads
Forum statistics
Latest Threads
-
What are the key advantages of using a SaaS (Software as a Service) model for application development?
- Started by remotedevelopers
-
How to build a database-driven web page
- Started by av3mar1a153
-
Hola
- Started by luuciefer
-
Using a DTSX file with GoDaddy
- Started by IBMJunkman
-
Hello Everyone
- Started by welly
-
Problem with code
- Started by camilin05
-
How to get expertise in "cyber security" or from where to start for this?
- Started by independent
-
Arduino Chess Clock
- Started by ARDU_PROgrammER
-
What steps are the key steps involved in designing a product?
- Started by remotedevelopers