Access Control in IIS 6.0 - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

Access Control in IIS 6.0

Description:

.NET Passport Authentication: Provides Web site users to create a single sign-in ... Obtain, Install server certificate and Configuring a List of Trusted ... – PowerPoint PPT presentation

Number of Views:65
Avg rating:3.0/5.0
Slides: 11
Provided by: UHCL
Category:

less

Transcript and Presenter's Notes

Title: Access Control in IIS 6.0


1
Access Control in IIS 6.0
  • Windows 2003 Server

Prepared by- Shamima Rahman School of Science and
Computer Engineering University of Houston -
Clear Lake 9/1/2005
2
Access Control in IIS 6.0
  • IIS provides security measures to control user
    access to Web sites and FTP sites.
  • The two main types of access controls are
  • IIS features (Web site permissions, IP address
    restrictions etc), controlled by IIS
  • NTFS permissions, controlled by the operating
    system

3
Ex Configuring Access Control for a Web site
  • Configuring IIS features
  • Web site permissions
  • Read, write permission etc.
  • http//www.dcsl-uhcl.net/iisprop.jpg
  • IP address restrictions
  • Assign access permission (grant or deny) to
    specific computers, groups of computers, or
    domains for accessing Web sites, directories, or
    files
  • http//www.dcsl-uhcl.net/iisip.jpg

4
Contd. Configuring Access Control for a Web site
  • Authentication Methods
  • Anonymous Authentication
  • Public site (Ex- http//www.dcsl-uhcl.net/)
  • Private site
  • (Ex- http//www.dcsl-uhcl.net/private)
  • Basic Authentication
  • Digest Authentication
  • Advanced Digest authentication
  • UNC authentication
  • Integrated Windows Authentication
  • .NET Passport Authentication
  • Certificate authentication
  • http//www.dcsl-uhcl.net/authentication.GIF

5
Authentication methods in IIS 6.0
  • Anonymous authentication Allows everyone to
    access the public areas of a Web site, without
    asking for a user name or password.
  • Basic authentication Asks users for credentials(
    user name and password), which are sent
    unencrypted over the network.
  • Digest authentication Sends the passwords across
    the network as a hash value for additional
    security. Digest authentication is available only
    on domains with domain controllers running
    Windows server operating systems.
  • Advanced Digest authentication Identical to
    Digest authentication, except that it stores the
    client credentials as a Message Digest (MD5) hash
    in Active Directory the domain controller running
    Windows Server 2003.

6
Authentication methods in IIS 6.0
  • Integrated Windows authentication Generates hash
    values of user names and passwords before sending
    them over the network.
  • UNC authentication Passes users' credentials
    through to the computer with the Universal Naming
    Convention (UNC) share.
  • .NET Passport Authentication Provides Web site
    users to create a single sign-in name and
    password to access all .NET Passportenabled Web
    sites and services. .NET Passportenabled sites
    rely on the .NET Passport central server to
    authenticate users.
  • Certificate authentication Uses Secure Sockets
    Layer (SSL) certificates to authenticate servers
    and clients.

7
Contd. Configuring Access Control for a Web site
  • Configuring NTFS permissions
  • Assign permissions (read, write, execute etc.) to
    groups/users for accessing file and directory
  • http//www.dcsl-uhcl.net/filepermission.jpg

8
Access Control Process
9
Certificate authentication
  • Certificates are a form of digital identification
    for a server.
  • http//www.dcsl-uhcl.net/certificate.jpg
  • Server Certificates
  • Obtain, Install server certificate and
    Configuring a List of Trusted Certification
    Authorities
  • Client Certificates
  • Configure the web site to require users
    certificate , who are attempting to access the
    site in order to protect the server from
    unauthorized access.
  • Any user with a valid and trusted client
    certificate can establish a secure connection and
    access the resource.

10
References
  • http//www.microsoft.com/technet/prodtechnol/Windo
    wsServer2003/Library/IIS/848968f3-baa0-46f9-b1e6-e
    f81dd09b015.mspx
Write a Comment
User Comments (0)
About PowerShow.com