Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

permissions on IIS 6.0


Guest

Recommended Posts

Please help.. I have posted several times and noone can seem to help me.

I do not have Cpanel... I am on an iis 6.0 server...

 

How do I protect my admin folder.

 

This is very crucial for me

Thanks so much!

Link to comment
Share on other sites

I'm hosting on IIS6 as well.

 

For my admin folder i disabled anonymous access, and enabled windows based authentication.

 

In IIS manager, right-click on the admin folder and select properties. next, click on the "document security" tab and where you see allow anonymous access, uncheck the box.

 

At the bottom, check the box next to "windows based ....... "

 

This will allow the catalog/admin folder to display a login prompt similar to that of when accessing a remote resource on a shared server. asking for a name and password...

 

For the user: i created a user in active directory and set a password. For security, i removed the user from all other groups except for the guests (domain guests?) group, as this user will not be using any shared resources or accessing any sharepoint applications.

 

So far this is working out just fine for my situation. Boss is happy, and business continues as normal :)

Link to comment
Share on other sites

Oh, another point... if you are in an environment with multiple admins, like I am... if you do take this course of action... in the description for the user, provide a detailed description, or a consulting contact number. so the others know what it's there for, and that noone's hacked the system :P

Link to comment
Share on other sites

Thanks that worked! I had tried something similar by right clicking on the actual folder and setting permissions but it kept messing up. This was much better. Thanks! One more thing... do you know how to make it say secure in admin? i do have ssl

Link to comment
Share on other sites

You're going to have to enable SSL for the entire server, right-click on the site you wish to enable it, and select properties. Next the document security. Next, click on the "Server Certificate" button and follow the steps on how to obtain a new SSL certificate, or import a currently existing certificate.

 

Once the server has a certificate installed, goto your admin directory and do the same thing. On the same tab (Document Security) there should also be a section for "Secure Communications" click on the edit button, check "require secure channel (SSL)" , and set the acceptance of certificates according to your needs.

 

In our case, we do not have SSL. there was no need for it, as our catalog site has no way of providing the customer with a way to place an order. Only thing the client can do it view what we have and email us about information. It's more of a more up-to-date version of our printed version of catalog that gets updated more often :)

 

I can only presume that this will work, as I have never put an ssl certificate on this server. when one of the higher-up admins comes in, i will ask her.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...