windows 密码保护 IIS 目录
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/622061/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Password Protect IIS directory
提问by
I'm looking for a way to password protect a directory in IIS. I'm aware that the standard answer to this is to create a windows user account for this directory, then give that user read permissions on the directory... but my concern is that by creating a windows user, won't that give them permissions to do stuff like login to the computer (remote desktop), ftp in to the server, and all kinds of other stuff? I.E is there a way to create such a limited user that the only thing they can do is just view a web page in that password protected directory?
我正在寻找一种方法来密码保护 IIS 中的目录。我知道对此的标准答案是为此目录创建一个 Windows 用户帐户,然后授予该用户对该目录的读取权限......但我担心的是,通过创建一个 Windows 用户,不会给他们做一些事情的权限,比如登录到计算机(远程桌面),ftp 到服务器,以及各种其他的东西?IE 有没有办法创建这样一个受限用户,以至于他们唯一能做的就是查看该密码保护目录中的网页?
回答by Fraser
It is the standard answer for a reason...It is the best way to do it. A user account is limited by default and does not have permission to remote-in unless you explicitly set it to so don't worry about that. Also the any FTP service should be running in isolation and as such there would be no log-in for the account. If all you wish to do is protect the directory then just make sure it is read-only and that anonymous access is disabled.
出于某种原因,这是标准答案......这是最好的方法。用户帐户在默认情况下受到限制并且没有远程登录权限,除非您明确将其设置为如此,因此不必担心。此外,任何 FTP 服务都应该独立运行,因此该帐户将不会登录。如果您只想保护目录,那么只需确保它是只读的并且禁用匿名访问。
Also, creating a user account also has other benefits such as letting you monitor events for the account in the event-log and letting you choose a strong, secure password.
此外,创建用户帐户还有其他好处,例如让您可以在事件日志中监控帐户的事件,并让您选择一个强大的、安全的密码。
The other way would be to secure the page with a simple log-in cgi script (eg. perl, php, asp, etc) and if you only have one account to add then this would be trivial to do.
另一种方法是使用简单的登录 cgi 脚本(例如 perl、php、asp 等)来保护页面,如果您只有一个帐户要添加,那么这将是微不足道的。
回答by Darin Dimitrov
You can enable basic authenticationfor this directory by setting up username and password.
您可以通过设置用户名和密码来为此目录启用基本身份验证。
回答by inazaruk
First of all, you have full control over created user. You can easily deny remote login (it's actually denied by default, but don't trust me and check the documentation).
首先,您可以完全控制创建的用户。您可以轻松拒绝远程登录(默认情况下实际上是拒绝的,但不要相信我并查看文档)。
Second, "password protect" thing is not correct approach, cause system has built in way for access control - use that, it's tested and it's reliable.
其次,“密码保护”不是正确的方法,因为系统已经内置了访问控制的方式 - 使用它,它已经过测试并且是可靠的。
And for core question: i think you can try to limit user permissions to the level, when they can only login locally and see only one directory. But there is no way to prevent them of having read permissions on Windows folder (for example), as this folder is required for booting the OS and loggin in.
对于核心问题:我认为您可以尝试将用户权限限制在某个级别,当他们只能在本地登录并且只能看到一个目录时。但是没有办法阻止他们对 Windows 文件夹具有读取权限(例如),因为该文件夹是启动操作系统和登录所必需的。
回答by kemiller2002
No you can restrict the user from being able to do other options. When you create the user in the User Administration panel, there are several options you can set. One is not allowing remote login. I'm a little hazy on how the ftp service works on Windows, but I am sure it can be restricted also. The key is going to be making sure that it doesn't get added to any groups which has access that you don't want that user to have.
不,您可以限制用户执行其他选项。在“用户管理”面板中创建用户时,可以设置多个选项。一是不允许远程登录。我对 ftp 服务在 Windows 上的工作方式有点模糊,但我相信它也可以受到限制。关键是确保它不会被添加到任何您不希望该用户拥有访问权限的组中。
