Recipe12.6.Configuring Web Permissions

Previous page
Table of content
Next page

Recipe 12.6. Configuring Web Permissions

Problem

You want to control access to content on your web server using web permissions.

Solution

Using a graphical user interface

To control access to content for all web sites on your server, do the following:

  1. Open Internet Information Services (IIS) Manager.

  2. In the left pane, right-click on the Web Sites node and select Properties.

  3. Select the Home Directory tab.

  4. Select the web permissions you want to allow and click OK.

  5. If the Inheritance Overrides dialog box appears, click Select All and click OK (repeat if this box appears again).

To control access to content in a particular web site, do the following:

  1. Open Internet Information Services (IIS) Manager.

  2. In the left pane, expand the Web Sites node, right-click on your web site, and select Properties.

  3. Select the Home Directory tab.

  4. Select the web permissions you want to allow and click OK.

  5. If the Inheritance Overrides dialog box appears, click Select All, and click OK (repeat if this box appears again).

To control access to content in a particular virtual directory, do the following:

  1. Open Internet Information Services (IIS) Manager.

  2. In the left pane, right-click on your web site, right-click on the virtual directory within it you want to control, and select Properties.

  3. Select the Virtual Directory tab.

  4. Select the web permissions you want to allow and click OK.

To control access to a particular file in a web site or virtual directory, do the following:

  1. Open Internet Information Services (IIS) Manager.

  2. In the left pane, right-click on your web site or virtual directory.

  3. Right-click on the file you want to restrict and select Properties.

  4. Select the File tab.

  5. Select the web permissions you want to allow and click OK.

Using VBScript
' This code configures web permissions on a web site. ' ------ SCRIPT CONFIGURATION ------ strComputer = "<ServerName>"  'e.g., web01 strSiteID = "<SiteID>"        'e.g., 1 ' ------ END CONFIGURATION --------- set objweb site = GetObject("IIS://" & strComputer & "/W3SVC/" & strSiteID) objweb site.AccessRead = True objweb site.AccessWrite = True objweb site.AccessSource = True objweb site.AccessScript = False objweb site.AccessExecute = False objweb site.SetInfo WScript.Echo "Successfully modified permissions for web site: " & _              objweb site.ServerComment ' This code configures web permissions on a virtual directory. ' ------ SCRIPT CONFIGURATION ------ strComputer = "<ServerName>"  'e.g., web01 strSiteID = "<SiteID>"        'e.g., 1 strVdir = "<VdirPath>"        'e.g., Root/employees ' ------ END CONFIGURATION --------- set objweb site = GetObject("IIS://" & strComputer & "/W3SVC/" & strSiteID) set objVdir = objweb site.GetObject("IISWebVirtualDir",strVdir) objVdir.AccessRead = True objVdir.AccessWrite = True objVdir.AccessSource = True objVdir.AccessScript = False objVdir.AccessExecute = False objVdir.SetInfo WScript.Echo "Successfully modified permissions for virtual directory: " & _              objVdir.Name

Discussion

Web permissions are a set of simple permissions that are applied equally to all users who try to access content on IIS. You specify web permissions for a site or virtual directory when you run the wizard to create that site or directory. Table 12-4 lists web permissions available in IIS.

Table 12-4. IIS web permissions

Web permission

Description

Read

Users can read or download files from the directory using a web browser.

Write

Users can modify or upload files to the directory using WebDAV clients.

Directory Browsing

Users can enumerate the files in the directory if no default document is defined or present.

Script Source Access

Users can read the code of ASP pages (if Read is enabled) or modify the code (if Write is enabled).

Execute Permissions

Controls whether scripts and other executable programs can run.


Web permissions are different from NTFS permissions in several ways. First, web permissions apply equally to all users who try to access content on IIS, while different users or groups can have different NTFS permissions applied to them depending on the need. Second, web permissions are defined at the virtual directory level while NTFS permissions are applied to physical directories. And third, NTFS permissions are far more granular than web permissions. Because of these differences, web permissions are mainly useful for controlling access to public Internet sites where visitors are anonymous. NTFS permissions on the other hand are important for controlling access to private intranet sites where users must be authenticated before they can access content.

While web permissions are useful, NTFS permissions should still be considered your first line of defense in controlling access to content on your web server. If NTFS and web permissions conflict, the most restrictive applies. So if you have open web permissions, but the underlying NTFS permissions are restricted, it will result in users not getting access to the content. Consider web permissions as a proxy to NTFS for web users.

See Also

MS KB 321506 (Web Permissions Behave Unexpectedly with Script Engines)


Previous page
Table of content
Next page
Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen
BUY ON AMAZON
High-Speed Signal Propagation[c] Advanced Black Magic
Professional Java Native Interfaces with SWT/JFace (Programmer to Programmer)
Service-Oriented Architecture (SOA): Concepts, Technology, and Design
Cultural Imperative: Global Trends in the 21st Century
Comparing, Designing, and Deploying VPNs
GDI+ Programming with C#
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy