|
Related Topics:
| Newbie security issue? - Hi, I just got a new ISP that gave me a fixed IP, so I thought I'd give a try to IIS 5.1, running on XP pro. I put together some stuff and threw it into the default web server. Now I can see the pages if I enter the private address of my
Login security issue. - I've setup an ASP page to allow users to change their password from a website in ADS. The script I have is working, I can change the password, then login with a with the new password and the old password won't work. However, if I connect..
401.3 Anonymous only security ACL issue - Hi all, I have been searching for an answer on this but can't quite seem to pin it down. I have a Windows 2003 64-bit server running IIS 6.0. I have set the Directory Security at the root level (Web Sites down) with the Enable
IIS Integrated security login issue. - 2003 and share point services 2.0 We also have our dns zone listed as a trusted intranet site inside internet explorer. The root website is set for anonymous access. There are multiple sub web sites that are also open except for some
IIS Security Issue w/ website users - I'm a very strange problem which I believe is w/ Frontpage Server Some users of our internal intranet site, get windows user and password prompts when they try to access office files. If the user clicks cancel, the ..
|
|
| Author |
Message |
External
Since: Apr 14, 2005
Posts: 4
|
(Msg. 1) Posted: Fri Feb 01, 2008 2:10 pm
Post subject: IIS/ASP Security Issue -- Please help!
Archived from groups: microsoft>public>inetserver>iis (more info?)
|
|
|
Someone please help me with this perplexing access problem. I've been
struggling all day with it. Here's the scenario: Windows 2003, IIS6,
running Classic ASP application, with basic authentication against our
domain. I've given "engineering users" access to the wwwroot for the site.
So fine, they can access the ASP pages in the site, no problem. However, I
want to give another group "sales group" (same domain) access to just a
certain subfolder of the site (but not the rest of the site). So I added
their group to the subfolder ACL. However, they cannot access the ASP files
in that subfolder (401.3 error) unless I grant them access to the wwroot
(parent) folder, which I don't want to do. What's strange is that they can
access HTML or ASPX files in their subfolder. Just not ASP. Something
about ASP files that wants to look at the wwwroot ACL. I tried to limit
their wwwroot level access, like just granting traverse and list access, but
IIS wants full read access on the root, propagated down. Any ideas how to
fix this while keeping the security tight? Thanks! |
|
| Back to top |
|
 | |
External
Since: Dec 07, 2007
Posts: 4
|
(Msg. 2) Posted: Tue Feb 05, 2008 2:54 pm
Post subject: Re: IIS/ASP Security Issue -- Please help! [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Feb 1, 4:10 pm, "Paul" <pstah....RemoveThis@yahoo.com> wrote:
> Someone please help me with this perplexing access problem. I've been
> struggling all day with it. Here's the scenario: Windows 2003, IIS6,
> running Classic ASP application, with basic authentication against our
> domain. I've given "engineering users" access to the wwwroot for the site.
> So fine, they can access the ASP pages in the site, no problem. However, I
> want to give another group "sales group" (same domain) access to just a
> certain subfolder of the site (but not the rest of the site). So I added
> their group to the subfolder ACL. However, they cannot access the ASP files
> in that subfolder (401.3 error) unless I grant them access to the wwroot
> (parent) folder, which I don't want to do. What's strange is that they can
> access HTML or ASPX files in their subfolder. Just not ASP. Something
> about ASP files that wants to look at the wwwroot ACL. I tried to limit
> their wwwroot level access, like just granting traverse and list access, but
> IIS wants full read access on the root, propagated down. Any ideas how to
> fix this while keeping the security tight? Thanks!
Is there anything in the .ASP pages that are trying to access files
outside the sub directory you have given access to them?
Larry |
|
| Back to top |
|
| |
External
Since: Apr 14, 2005
Posts: 4
|
(Msg. 3) Posted: Tue Feb 05, 2008 11:19 pm
Post subject: Re: IIS/ASP Security Issue -- Please help! [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
No, even if I put an empty.asp file there, it still exhibits the problem.
"daKernel" <heintz.larry.TakeThisOut@gmail.com> wrote in message
news:ecc17d5d-d247-4870-b49b-7edfa857cae2@m34g2000hsf.googlegroups.com...
On Feb 1, 4:10 pm, "Paul" <pstah....TakeThisOut@yahoo.com> wrote:
> Someone please help me with this perplexing access problem. I've been
> struggling all day with it. Here's the scenario: Windows 2003, IIS6,
> running Classic ASP application, with basic authentication against our
> domain. I've given "engineering users" access to the wwwroot for the site.
> So fine, they can access the ASP pages in the site, no problem. However, I
> want to give another group "sales group" (same domain) access to just a
> certain subfolder of the site (but not the rest of the site). So I added
> their group to the subfolder ACL. However, they cannot access the ASP
> files
> in that subfolder (401.3 error) unless I grant them access to the wwroot
> (parent) folder, which I don't want to do. What's strange is that they can
> access HTML or ASPX files in their subfolder. Just not ASP. Something
> about ASP files that wants to look at the wwwroot ACL. I tried to limit
> their wwwroot level access, like just granting traverse and list access,
> but
> IIS wants full read access on the root, propagated down. Any ideas how to
> fix this while keeping the security tight? Thanks!
Is there anything in the .ASP pages that are trying to access files
outside the sub directory you have given access to them?
Larry >> Stay informed about: IIS/ASP Security Issue -- Please help! |
|
| Back to top |
|
| |
External
Since: Dec 07, 2007
Posts: 4
|
(Msg. 4) Posted: Wed Feb 06, 2008 10:20 am
Post subject: Re: IIS/ASP Security Issue -- Please help! [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Feb 6, 1:19 am, "Paul" <pstah... RemoveThis @yahoo.com> wrote:
> No, even if I put an empty.asp file there, it still exhibits the problem.
>
> "daKernel" <heintz.la... RemoveThis @gmail.com> wrote in message
>
> news:ecc17d5d-d247-4870-b49b-7edfa857cae2@m34g2000hsf.googlegroups.com...
> On Feb 1, 4:10 pm, "Paul" <pstah... RemoveThis @yahoo.com> wrote:
>
>
>
>
>
> > Someone please help me with this perplexing access problem. I've been
> > struggling all day with it. Here's the scenario: Windows 2003, IIS6,
> > running Classic ASP application, with basic authentication against our
> > domain. I've given "engineering users" access to the wwwroot for the site.
> > So fine, they can access the ASP pages in the site, no problem. However, I
> > want to give another group "sales group" (same domain) access to just a
> > certain subfolder of the site (but not the rest of the site). So I added
> > their group to the subfolder ACL. However, they cannot access the ASP
> > files
> > in that subfolder (401.3 error) unless I grant them access to the wwroot
> > (parent) folder, which I don't want to do. What's strange is that they can
> > access HTML or ASPX files in their subfolder. Just not ASP. Something
> > about ASP files that wants to look at the wwwroot ACL. I tried to limit
> > their wwwroot level access, like just granting traverse and list access,
> > but
> > IIS wants full read access on the root, propagated down. Any ideas how to
> > fix this while keeping the security tight? Thanks!
>
> Is there anything in the .ASP pages that are trying to access files
> outside the sub directory you have given access to them?
>
> Larry- Hide quoted text -
>
> - Show quoted text -
Create a virtual directory for the directory you want to give them
access to and see if that resolves the issue.
Larry >> Stay informed about: IIS/ASP Security Issue -- Please help! |
|
| Back to top |
|
| |
External
Since: Apr 14, 2005
Posts: 4
|
(Msg. 5) Posted: Wed Feb 06, 2008 12:28 pm
Post subject: Re: IIS/ASP Security Issue -- Please help! [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Problem is that there is more than one directory. It's several spots
throughout. If I knew how to open up just the right security (perhaps on
root only), that would be ideal. Thanks for your help.
"daKernel" <heintz.larry DeleteThis @gmail.com> wrote in message
news:7e14c61c-5723-44bf-a22b-7160c84675ff@j20g2000hsi.googlegroups.com...
On Feb 6, 1:19 am, "Paul" <pstah... DeleteThis @yahoo.com> wrote:
> No, even if I put an empty.asp file there, it still exhibits the problem.
>
> "daKernel" <heintz.la... DeleteThis @gmail.com> wrote in message
>
> news:ecc17d5d-d247-4870-b49b-7edfa857cae2@m34g2000hsf.googlegroups.com...
> On Feb 1, 4:10 pm, "Paul" <pstah... DeleteThis @yahoo.com> wrote:
>
>
>
>
>
> > Someone please help me with this perplexing access problem. I've been
> > struggling all day with it. Here's the scenario: Windows 2003, IIS6,
> > running Classic ASP application, with basic authentication against our
> > domain. I've given "engineering users" access to the wwwroot for the
> > site.
> > So fine, they can access the ASP pages in the site, no problem. However,
> > I
> > want to give another group "sales group" (same domain) access to just a
> > certain subfolder of the site (but not the rest of the site). So I added
> > their group to the subfolder ACL. However, they cannot access the ASP
> > files
> > in that subfolder (401.3 error) unless I grant them access to the wwroot
> > (parent) folder, which I don't want to do. What's strange is that they
> > can
> > access HTML or ASPX files in their subfolder. Just not ASP. Something
> > about ASP files that wants to look at the wwwroot ACL. I tried to limit
> > their wwwroot level access, like just granting traverse and list access,
> > but
> > IIS wants full read access on the root, propagated down. Any ideas how
> > to
> > fix this while keeping the security tight? Thanks!
>
> Is there anything in the .ASP pages that are trying to access files
> outside the sub directory you have given access to them?
>
> Larry- Hide quoted text -
>
> - Show quoted text -
Create a virtual directory for the directory you want to give them
access to and see if that resolves the issue.
Larry >> Stay informed about: IIS/ASP Security Issue -- Please help! |
|
| Back to top |
|
| |
|
FAQ
Search
Profile
Private Messages
Log in/Register/Password
