[thelist] IIS Directory Security Inheritance

Ken Schaefer Ken at adOpenStatic.com
Thu Oct 19 07:06:14 CDT 2006


: -----Original Message-----
: From: thelist-bounces at lists.evolt.org [mailto:thelist-
: bounces at lists.evolt.org] On Behalf Of Robert Gormley
: Sent: Thursday, 19 October 2006 1:51 PM
: To: thelist at lists.evolt.org
: Subject: Re: [thelist] IIS Directory Security Inheritance
: 
: Started a new IE instance each time.

That's not what I asked. Is the unsecured page the first page that you visit
in your session, or have you already visited a page that requires
username/password?


: The folder has NTFS permissions to read.

?!? NTFS permissions for /which/ user or group?


: On further investigation, it appears that it is a symptom
: of SSL. Allowing unsecured (but authentication controlled as
: desired originall) access to the resource works perfectly.
: Switch on SSL, and IIS seems to ignore the subdirectory
: permissions.

I strongly doubt this has anything to do with it.

Can you post the relevant IIS logfile entries as well?

Cheers
Ken



: Hrm.
: 
: Rob
: 
: On Thu, 19 Oct 2006 12:30:55 +1000
:   "Ken Schaefer" <Ken at adOpenStatic.com> wrote:
: > What did you set for the NTFS file permissions?
: >
: > Did you access a restricted file/folder prior to
: >browsing to the anonymous
: > file?
: >
: > THanks
: >
: > Cheers
: > Ken
: >
: > --
: > My Blog: www.adOpenStatic.com/cs/blogs/ken
: >
: >
: > : -----Original Message-----
: > : From: thelist-bounces at lists.evolt.org [mailto:thelist-
: > : bounces at lists.evolt.org] On Behalf Of Robert Gormley
: > : Sent: Thursday, 19 October 2006 12:02 PM
: > : To: thelist at lists.evolt.org
: > : Subject: [thelist] IIS Directory Security Inheritance
: > :
: > : Hi all,
: > :
: > : Using IIS6, I have a web site that has
: >authenticated-only
: > : access (Basic) enabled. I want to make one directory
: > : authentication-free. No problem, think I - I set it's
: > : directory permissions in IIS Manager to enable
: >Anonymous,
: > : disable Basic, and do the same for file permissions on
: >the
: > : two files within.
: > :
: > : No dice. I still get prompted when browing to
: > : https://site/blah/
: > :
: > : Seems logical, and indeed if I "test" by trying to
: >turn
: > : off auth at the site level, it tells me that "blah",
: > : "blah/file.html" have different permissions, do I
: > : override, so it definitely seems right, but it's
: > : definitely picking up site permissions and using them.
: > :
: > : Am I missing something, or do I need to make the site
: > : anonymous, and all the root dirs/files authenticated?
: >
: > --
: >
: > * * Please support the community that supports you.  * *
: > http://evolt.org/help_support_evolt/
: >
: >For unsubscribe and other options, including the Tip
: >Harvester
: > and archives of thelist go to: http://lists.evolt.org
: > Workers of the Web, evolt !
: 
: --
: 
: * * Please support the community that supports you.  * *
: http://evolt.org/help_support_evolt/
: 
: For unsubscribe and other options, including the Tip Harvester
: and archives of thelist go to: http://lists.evolt.org
: Workers of the Web, evolt !



More information about the thelist mailing list