[thelist] IIS Directory Security Inheritance

Robert Gormley robert at pennyonthesidewalk.com
Thu Oct 19 19:14:58 CDT 2006

On Thu, 19 Oct 2006 22:06:14 +1000
  "Ken Schaefer" <Ken at adOpenStatic.com> wrote:

> : The folder has NTFS permissions to read.
> ?!? NTFS permissions for /which/ user or group?

"Users" group has Read & Execute, List Folder Contents, 
Read permissions.

> : On further investigation, it appears that it is a 
> : of SSL. Allowing unsecured (but authentication 

> I strongly doubt this has anything to do with it.

You'd be correct - I have since ruled this out.

> Can you post the relevant IIS logfile entries as well?

This is where it gets interesting - this is the only entry 
recorded when attempting to browse the content that 
otherwise gives a 401.2 error:

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-10-20 00:02:29
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query 
s-port cs-username c-ip cs(User-Agent) sc-status 
sc-substatus sc-win32-status
2006-10-20 00:02:29 10.x.x.x GET /_vti_bin/owssvr.dll - 
443 - 10.y.y.y 
401 2 2148074254
2006-10-20 00:04:24 10.x.x.x GET /_vti_bin/owssvr.dll - 
443 - 10.y.y.y 
401 2 2148074254

the url attempting be retrieved is /Welcome/ so this is 
odd. As I mentioned, the only thing coming to mind is 
Sharepoint / .net application - same test on a different 
web site instance that I used to rule out SSL seems to 
confirm this, as specifying that the subdirectory does not 
need SSL and attempting to browse to it results in a 403.4 
Forbidden: SSL is required error... so I am guessing that 
something in the root server config, or such, is 
preventing IIS recognising overriden child values.


More information about the thelist mailing list