Hey all. I’m trying to restrict access to a folder within a website so only one user has access. Here’s the problem:
Let’s say the website I’ve created in IIS points to d:\webs\mydomain.com\wwwroot. Permissions on this folder are
SYSTEM and ADMINISTRATORS: Full Control
IUSER_MACHINE: Read/Execute
The folder I want to secure is d:\webs\mydomain.com\wwwroot\intranet. Permissions here same as above, plus:
TESTUSER: Full Control
So, I turn off Anonymous access and enable Basic Authentication ONLY for the /intranet folder within IIS. Now, if I try to access http://mydomain.com/intranet, I am prompted for a username and password (duh). But, I log in as TESTUSER and it prompts me again! Like TESTUSER doesn’t have access.
Now, I grant TESTUSER READ/EXECUTE access to the root (d:\webs\mydomain.com\wwwroot) and now I can log in to http://mydomain.com/intranet with full control. Is there some issue with IIS where a user must have at least READ access to the root webbefore they can be granted any access to a subfolder?