General discussion

Locked

IIS 6 Basic Authentication and Server Cert

By Navy Moose ·
I have a Dell Poweredge 2650 running Windows 2003 Enterprise Server. This server is a microsite server, with IIS being configured as name based, meaning it uses host headers in order to deliver the correct webpage.

Attached to one of the websites is a content management utility. It is accessed by www.abc.com/admin. The customer wants to use Integrated Authentication. MS does not recommend using Integrated Authentication over the Internet. I was able to get it to work with Basic Authentication.

I am hesitant in using Basic Authentication because it transmits the password in the clear. I spoke to Dell and the technician I spoke with said I could use a server cert to make this more secure.

I looked in Windows 2003 Administrators Companion and I could not find a way to apply a certificate to a directory in IIS.

If this is not possible, do any of you know a way to make this a more secure connection, please let me know. My ideas are to restrict access to the directory by IP address. I have to find out from my customer if his agency is using static or dynamic IPs for this to be possible. I created a user account that is in the users group for the agency to use. This way, it will limit the amount of damage someone can do if they interept the password.

Thank you for your assistance.

This conversation is currently closed to new comments.

0 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Back to Windows Forum
0 total posts (Page 1 of 1)  

Related Discussions

Related Forums