Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.
Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake 9/1/2005
Access Control in IIS 6.0
IIS provides security measures to control user access to Web sites and FTP sites. The two main types of access control are:
– IIS features (Web site permissions, IP address restrictions, etc.), controlled by IIS
– NTFS permissions, controlled by the operating system

Ex: Configuring Access Control for a Web site
Configuring IIS features:
– Web site permissions
    Read, write permission, etc. http://www.dcsl-uhcl.net/iisprop.jpg
– IP address restrictions
    Assign access permission (grant or deny) to specific computers, groups of computers, or domains for accessing Web sites, directories, or files. http://www.dcsl-uhcl.net/iisip.jpg

Contd.: Configuring Access Control for a Web site
– Authentication Methods
    Anonymous Authentication
      – Public site (Ex: http://www.dcsl-uhcl.net/)
      – Private site (Ex: http://www.dcsl-uhcl.net/private)
    Basic Authentication
    Digest Authentication
    Advanced Digest authentication
    UNC authentication
    Integrated Windows Authentication
    .NET Passport Authentication
    Certificate authentication
  http://www.dcsl-uhcl.net/authentication.GIF
Authentication methods in IIS 6.0
Anonymous authentication: Allows everyone to access the public areas of a Web site, without asking for a user name or password.
Basic authentication: Asks users for credentials (user name and password), which are sent unencrypted over the network.
Digest authentication: Sends the passwords across the network as a hash value for additional security. Digest authentication is available only on domains with domain controllers running Windows server operating systems.
Advanced Digest authentication: Identical to Digest authentication, except that it stores the client credentials as a Message Digest (MD5) hash in Active Directory on the domain controller running Windows Server 2003.

Authentication methods in IIS 6.0
Integrated Windows authentication: Generates hash values of user names and passwords before sending them over the network.
UNC authentication: Passes users' credentials through to the computer with the Universal Naming Convention (UNC) share.
.NET Passport Authentication: Allows Web site users to create a single sign-in name and password to access all .NET Passport–enabled Web sites and services. .NET Passport–enabled sites rely on the .NET Passport central server to authenticate users.
Certificate authentication: Uses Secure Sockets Layer (SSL) certificates to authenticate servers and clients.
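The difference between Basic and Digest authentication described above, as an added example that is not part of the original presentation and is not IIS code. It uses the generic HTTP Digest calculation from RFC 2617 with that RFC's sample user and values; all function names are hypothetical.

```python
import base64
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def basic_header(user: str, password: str) -> str:
    """Authorization value a client sends for Basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def decode_basic(header: str) -> tuple[str, str]:
    """Base64 is an encoding, not encryption: decoding needs no key."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

def digest_ha1(user: str, realm: str, password: str) -> str:
    """The only password-derived value the verifier has to keep."""
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """Value sent on the wire: bound to the server nonce and the request."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_verify(stored_ha1, received, method, uri, nonce, nc, cnonce):
    """Verify using a stored hash only (assumption: it plays the HA1 role)."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, received)

if __name__ == "__main__":
    # Constructed sample values taken from the RFC 2617 examples.
    hdr = basic_header("Aladdin", "open sesame")
    print("Basic header :", hdr)
    print("Decoded      :", decode_basic(hdr))  # password fully recovered
    ha1 = digest_ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    args = ("GET", "/dir/index.html",
            "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b")
    resp = digest_response(ha1, *args)
    print("Digest reply :", resp)
    print("Server check :", server_verify(ha1, resp, *args))
```

Basic authentication is therefore only acceptable over an SSL-protected connection, while the Digest reply changes with every server nonce and never contains the password itself.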
Contd.: Configuring Access Control for a Web site
Configuring NTFS permissions
– Assign permissions (read, write, execute, etc.) to groups/users for accessing files and directories
– http://www.dcsl-uhcl.net/filepermission.jpg

Certificate authentication
Certificates are a form of digital identification for a server. http://www.dcsl-uhcl.net/certificate.jpg
Server Certificates
– Obtain and install a server certificate, and configure a list of trusted certification authorities
Client Certificates
– Configure the Web site to require a certificate from users who attempt to access the site, in order to protect the server from unauthorized access.
– Any user with a valid and trusted client certificate can establish a secure connection and access the resource.