Folder permissions and ASP logins

Results 1 to 2 of 2

Thread: Folder permissions and ASP logins

  1. #1
    Join Date
    Dec 1969

    Default Folder permissions and ASP logins

    Hi<BR><BR>I have a little bit of a tricky situation I am trying to work around on our Win2000 IIS5 system.<BR><BR>Our client has requested that thier /images directory is read only for general Internet users but that it has read/write permissions for both files and folders for people whom have logged in correctly using the bespoke CMS system which should allow them to create/upload/delete files and folders to the images directory.<BR><BR>Now the problem is that anyone accessing the website is automatically logged as a USR_INTERNETUSER user and gets a permission denied error when they try to access anything in the images directory (even spacer images). If I switch off the permissions on this directory then it works fine but does not carry that extra security (no write/modify) for the logged in CMS users.<BR><BR>I have tried using a varying cocktail of permission settings on the folders without success and was wondering if there was any way of creating two different users (one would be the general internet user), one with read only on the folder and the other as read/write and have the ASP scripts change the NT level user if correctly logged in?<BR><BR>Any help in this regard would be appreciated.<BR><BR>Regards

  2. #2
    Join Date
    Dec 1969

    Default Here is an idea

    You will need 2 sites. 1 for the people who desing (DEV) and 1 for the public (PUB).<BR>Both will point to the same folder. The PUB will do anonyumous AUTH and the DEV will do BASIC AUTH (require people&#039;s passwords).<BR>This way the DEV people will no longer be IUSR when they logon and will be able to do their changes.<BR><BR>As you mentioned in your post the NTFS permissions will be a major pain.<BR>Here is waht I suggest:<BR><BR>The IUSR should have only read permissions (the quickest way of achieving this is by clicking the DENY WRITE for the IUSR(works every time). The DENY will override any ALLOW that you will set after that.<BR>The users who are actually allowed to change the site should have change permissions. Don&#039;t give them FULL (no real reason), any extra they do not need is one step closer to your end.<BR><BR>Name the sites something like PUB: and (it very inportant to ahve both as many people do not understand that the 2 can be different)<BR>DEV : changing dev to something weird might also be a good idea, makes it harder for the bad elements to find by mistake.<BR><BR>Hope this helps.<BR>If you have any ather questions feel free to post them here and one of us will answer.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts