Network Security: Detailed info on Securing through the IIS web server domain logon

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Securing through the IIS web server domain logon

from [Koniszewski, Jeffrey] Network Security

[Permanent Link]

Subject:	Securing through the IIS web server domain logon
Date:	Tue, 17 Aug 2004 17:21:26 -0400

Our application provides security via an application logon and web application 
session. We layer lots of access control on top of the user session. The web 
server is set to serve up files via the iusr account, i.e. web server access is 
via anonymous logon.

We have a customer with high security needs that wants to restrict directory 
access on the web server to domain authenticated users (remove iusr access). 
This, as I understand it, would require the web server to prompt for domain 
authentication. Then file access on the web server would be via the 
authenticated domain user's account. However, our application still needs to 
authenticate the user as well. Actually, all we probably need is the user name. 
We have never set up to work this way. Is there a way to get the user name from 
the IIS domain logon? Is it accessible via the HTTP session? Thanks.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Securing through the IIS web server domain logon, Koniszewski, Jeffrey <= Re: Securing through the IIS web server domain logon, Saqib . N . Ali Re: Securing through the IIS web server domain logon, Thomas Chiverton Re: Securing through the IIS web server domain logon, Ben Timby Re: Securing through the IIS web server domain logon, Matt Fisher RE: Securing through the IIS web server domain logon, Stan Guzik RE: Securing through the IIS web server domain logon, Michael Silk RE: Securing through the IIS web server domain logon, Michael Howard

Previous by Date:	mutual SSL proxy, Mark W. Webb
Next by Date:	Interesting article on how development and web centric architecture change peoples views of security, Mark Curphey
Previous by Thread:	mutual SSL proxy, Mark W. Webb
Next by Thread:	Re: Securing through the IIS web server domain logon, Saqib . N . Ali
Indexes:	[Date] [Thread] [Top] [All Lists]