O'Reilly logo

Practical Internet Groupware by Jon Udell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Protecting Scripts in IIS

To protect a script in IIS, find the script file in the Explorer, revoke the anonymous user’s permission to read the script file, and grant the desired user or group permission. That’s not all, though. You also have to find the script file in the MMC, do right-click Properties File Security Anonymous Access and Authentication Control Edit, and uncheck Allow Anonymous Access. Otherwise, the anonymous user will try to read the script file in order to execute it, and that access will fail before any further authentication can occur.

Unlike Apache’s approach to access control, IIS’ can be file oriented as well as directory oriented. That means you can store differently authenticated scripts in a common directory. But you still can’t use a single script protected in this way to serve multiple docbases to different audiences. Conventional HTTP authentication, whether it’s applied to statically served files or to scripts that serve files dynamically, is an all-or-none game. Either you can see a file, or you can’t. Either you can run a script, or you can’t.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required