G
Guest
Hi, I've just read
http://www.microsoft.com/technet/pr...technologies/iis/deploy/confeat/permmaze.mspx
and this article doesn't correspond to my testing with IIS on XP Pro, SP2.
I find that when Basic or Integrated Windows auth is applied, only the
permissions of the directory containing the file are interpreted, not the
permissions on the file itself.
That is, if I virtual directory to an NTFS directory with read permissions
for jack and jill, and place a file in that directory with read only for
jill, the following happens:
1. Jack is unable to access the file on disk.
2. Jack is able to access the file over authenticated HTTP.
Is there a setting I can place somewhere that enables fully granular
security for IIS?
http://www.microsoft.com/technet/pr...technologies/iis/deploy/confeat/permmaze.mspx
and this article doesn't correspond to my testing with IIS on XP Pro, SP2.
I find that when Basic or Integrated Windows auth is applied, only the
permissions of the directory containing the file are interpreted, not the
permissions on the file itself.
That is, if I virtual directory to an NTFS directory with read permissions
for jack and jill, and place a file in that directory with read only for
jill, the following happens:
1. Jack is unable to access the file on disk.
2. Jack is able to access the file over authenticated HTTP.
Is there a setting I can place somewhere that enables fully granular
security for IIS?