Recipe 12.6. Configuring Web Permissions

Problem

You want to control access to content on your web server using web permissions.

Solution

Using a graphical user interface

To control access to content for all web sites on your server, do the following:
To control access to content in a particular web site, do the following:
To control access to content in a particular virtual directory, do the following:
To control access to a particular file in a web site or virtual directory, do the following:
Using VBScript

    ' This code configures web permissions on a web site.
    ' ------ SCRIPT CONFIGURATION ------
    strComputer = "<ServerName>"   'e.g., web01
    strSiteID = "<SiteID>"         'e.g., 1
    ' ------ END CONFIGURATION ---------

    ' Bind to the web site through the IIS ADSI provider.
    set objWebSite = GetObject("IIS://" & strComputer & "/W3SVC/" & strSiteID)
    objWebSite.AccessRead = True
    objWebSite.AccessWrite = True
    objWebSite.AccessSource = True
    objWebSite.AccessScript = False
    objWebSite.AccessExecute = False
    ' Commit the changes to the metabase.
    objWebSite.SetInfo
    WScript.Echo "Successfully modified permissions for web site: " & _
                 objWebSite.ServerComment

    ' This code configures web permissions on a virtual directory.
    ' ------ SCRIPT CONFIGURATION ------
    strComputer = "<ServerName>"   'e.g., web01
    strSiteID = "<SiteID>"         'e.g., 1
    strVdir = "<VdirPath>"         'e.g., Root/employees
    ' ------ END CONFIGURATION ---------

    ' Bind to the web site, then to the virtual directory beneath it.
    set objWebSite = GetObject("IIS://" & strComputer & "/W3SVC/" & strSiteID)
    set objVdir = objWebSite.GetObject("IISWebVirtualDir", strVdir)
    objVdir.AccessRead = True
    objVdir.AccessWrite = True
    objVdir.AccessSource = True
    objVdir.AccessScript = False
    objVdir.AccessExecute = False
    ' Commit the changes to the metabase.
    objVdir.SetInfo
    WScript.Echo "Successfully modified permissions for virtual directory: " & _
                 objVdir.Name

Discussion

Web permissions are a set of simple permissions that are applied equally to all users who try to access content on IIS. You specify web permissions for a site or virtual directory when you run the wizard to create that site or directory. Table 12-4 lists web permissions available in IIS.
Web permissions are different from NTFS permissions in several ways. First, web permissions apply equally to all users who try to access content on IIS, while different users or groups can have different NTFS permissions applied to them depending on the need. Second, web permissions are defined at the virtual directory level, while NTFS permissions are applied to physical directories. And third, NTFS permissions are far more granular than web permissions.

Because of these differences, web permissions are mainly useful for controlling access to public Internet sites where visitors are anonymous. NTFS permissions, on the other hand, are important for controlling access to private intranet sites where users must be authenticated before they can access content.

While web permissions are useful, NTFS permissions should still be considered your first line of defense in controlling access to content on your web server. If NTFS and web permissions conflict, the most restrictive applies. So if you have open web permissions but the underlying NTFS permissions are restricted, users will not get access to the content. Consider web permissions as a proxy to NTFS for web users.

See Also

MS KB 321506 (Web Permissions Behave Unexpectedly with Script Engines)
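
An audit counterpart to the scripts in this recipe, added here as an example and not part of the original text: it reads the same five web permission properties on the site root and every directory beneath it, and marks combinations worth reviewing. The AuditNode helper and the choice of which combinations to flag are this example's own; the server name and site ID are placeholders, as in the recipe.

```vbscript
' Added example (not from the original recipe): report the web permissions on
' the root of one web site and on every directory below it.
Option Explicit

Dim strComputer, strSiteID, objRoot
' ------ SCRIPT CONFIGURATION ------
strComputer = "<ServerName>"   'e.g., web01
strSiteID = "<SiteID>"         'e.g., 1
' ------ END CONFIGURATION ---------

Set objRoot = GetObject("IIS://" & strComputer & "/W3SVC/" & strSiteID & "/Root")
AuditNode objRoot, "Root"

' AuditNode is a helper defined for this example; it recurses through child nodes.
Sub AuditNode(objNode, strPath)
    Dim objChild, strPerms, strNote
    strPerms = ""
    If objNode.AccessRead Then strPerms = strPerms & "Read "
    If objNode.AccessWrite Then strPerms = strPerms & "Write "
    If objNode.AccessSource Then strPerms = strPerms & "Source "
    If objNode.AccessScript Then strPerms = strPerms & "Script "
    If objNode.AccessExecute Then strPerms = strPerms & "Execute "
    If strPerms = "" Then strPerms = "(none)"

    strNote = ""
    ' Write together with Script or Execute: content written by a client
    ' could then be run by the server.
    If objNode.AccessWrite And (objNode.AccessScript Or objNode.AccessExecute) Then
        strNote = strNote & " [REVIEW: Write with Script/Execute]"
    End If
    ' Write together with Source: script source files become writable.
    If objNode.AccessWrite And objNode.AccessSource Then
        strNote = strNote & " [REVIEW: Write with Source]"
    End If
    WScript.Echo strPath & ": " & Trim(strPerms) & strNote

    ' Descend into virtual directories and physical directories that carry
    ' their own metabase entries.
    For Each objChild In objNode
        If objChild.Class = "IIsWebVirtualDir" Or objChild.Class = "IIsWebDirectory" Then
            AuditNode objChild, strPath & "/" & objChild.Name
        End If
    Next
End Sub
```

The report covers web permissions only. Because the most restrictive of web and NTFS permissions applies, check the NTFS ACL on the physical path of any flagged entry before deciding whether it is actually writable.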