[thelist] IIS Directory Security Inheritance

Ken Schaefer Ken at adOpenStatic.com
Fri Oct 20 08:32:16 CDT 2006

: -----Original Message-----
: From: thelist-bounces at lists.evolt.org [mailto:thelist-
: bounces at lists.evolt.org] On Behalf Of Robert Gormley
: Sent: Friday, 20 October 2006 10:28 AM
: To: thelist at lists.evolt.org
: Subject: Re: [thelist] IIS Directory Security Inheritance
: On Fri, 20 Oct 2006 10:14:58 +1000
:   "Robert Gormley" <robert at pennyonthesidewalk.com> wrote:
: > the url attempting be retrieved is /Welcome/ so this is
: > odd. As I mentioned, the only thing coming to mind is
: > Sharepoint / .net application - same test on a different
: Bingo. Some digging, and Define Managed Paths > Exclude
: Path results in IIS handling permissions and
: authentication policies as expected.

Sorry - I've been on the road, so unable to follow the thread.

Sharepoint (WSS, Portal, etc) implements its own internal security mechanisms
- you defined authors, browsers, administrators etc within Sharepoint.
Sharepoint uses an ISAPI filter to intercept all incoming HTTP requests to
"extended" websites, and routes them through its own internal security
system. As you've discovered, you can have Sharepoint ignore certain requests
(and have them handled through the normal IIS processing pipeline) if you add
them as "excluded" paths (or remove the Sharepoint extensions from the
website altogether)


My Blog: www.adOpenStatic.com/cs/blogs/ken

More information about the thelist mailing list