Administering an ISP Installation |
You might need to restrict access to some of your Web sites, or to portions of them. For example, you might want to restrict most of a site’s content to members only, while allowing the general public to see just a generic page containing a submission form in order to join the site. You can restrict a site’s content in several ways:
Because this method is not completely reliable, use it only for sites that contain nonsensitive information.
You can also restrict content of a site simply by setting a DACL that denies access to the anonymous user, but that allows access to authenticated users.
You can set a single password for all users or you can attach it to a database. This method, however, will prevent you from setting Windows DACLs. As a result, someone knowing a URL could bypass the password (except for the ASP content, which can check within each script). For more information, see Security in this book.
Creating your own ISAPI authentication filter becomes more complex if you need to restrict different areas of the site to different groups of people. You can set this configuration up through an ISAPI script or a script in ASP pages, or you can create Windows accounts. For information about setting up an ISAPI filter, see the “Installing ISAPI Filters” topic in the IIS 5.0 online product documentation.