Shulou(Shulou.com)05/31 Report--

This article mainly explains "what is the method of IIS server permissions". The content of the explanation is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what is the method of IIS server permissions".

We know that when using the IIS server, we can use that you can grant Web server permissions to specific websites, folders, and files on the server. Unlike NTFS file system permissions, which apply only to specific users or groups of users with valid Windows accounts, Web server permissions apply to all users who access the site, regardless of their specific access rights.

By default, Web access uses the IUSR_computername account. When you install the IIS server, the IUSER_computername account is created and used as the default anonymous user account. When you enable anonymous access, the IIS server uses the IUSER_computername account to log in to all users who visit your site.

The IUSR_computername account is granted NTFS permissions on all folders that make up the server's Web site. However, you can change the permissions of any folder or file in the site. For example, you can use Web server permissions to control whether site visitors are allowed to view a particular web page, load information, or run scripts.

When you configure both Web server permissions and Windows NTFS permissions, you can control how users access Web content at multiple levels, from the entire site to a single file.

How to grant Web server permissions to Web content

1. Start the Internet Service Manager. Or start the IIS server snap-in.

two。 Click to expand * server name, where server name is the name of the server.

3. Right-click the Web site, virtual directory, folder, or file that you want to grant access to, and then click Properties.

4. Click one of the following tabs, depending on your situation:

Home directory, virtual directory, directory, file

5. Click to select or clear any of the following check boxes, if any, corresponding to the Web permission level to be granted: script resource access: granting this permission allows users to access the source code. Script Resource access contains the source code of the script, such as a script in an Active Server Pages (ASP) program. Note that this permission is available only when the read or write permission is granted.

Note: if you click on the script resource access, the user will be able to see sensitive information, such as username and password, from the script of the ASP program. They will also be able to change the source code running on your server, which can seriously affect the security and performance of the server. It is recommended that you use a single Windows account and a higher level of authentication, such as integrated Windows authentication, to handle access to such information and these features.

Read: granting this permission allows users to view or download files or folders and their related properties. Read permission is selected by default.

Write: granting this permission allows the user to upload a file and its related properties to a folder enabled on the server, or to change the contents or properties of a file with write permission enabled.

Directory browsing: granting this permission allows the user to view a hypertext list of files and subfolders in the virtual directory. Note that the virtual directory does not appear in the folder list; the user must know the alias of the virtual directory.

Note: when a user attempts to access a file or folder on the IIS server, the Web server will display a "Access Forbidden" error message in the user's Web browser if both of the following conditions are met: directory browsing is disabled.

The user did not specify a file name, such as Filename.htm, in the address box.

Record access: this permission is granted to record access to this folder in a log file. Log entries are recorded only if logging is enabled for the site.

Indexing Resources: granting this permission will allow the Microsoft indexing service to include this folder in the full-text index of the site. When this permission is granted, users will be able to perform queries on this resource.

6. In the execute permissions box, select a setting to determine how you want the script to run on this site. You can use the following settings:? None: click this setting if you do not want users to run scripts or executable programs on the server. When using this setting, users can only access static files, such as Hypertext markup language (HTML) files and image files.

Script only: click this setting to run scripts such as ASP programs on the server.

Scripts and executables: click this setting to run scripts and executables such as ASP programs on the server at the same time.

7. Click OK, and then exit the Internet Service Manager or exit the IIS Server snap-in.

Note: when you try to change the security properties of a Web site or virtual directory, the IIS server checks the existing settings on the child nodes (virtual directories and files) contained in the site or virtual directory. If the permissions set at a lower level are different, the IIS server displays an inheritance override dialog box. To specify which child nodes should inherit the permissions you set at a higher level, click one or more nodes in the list of child nodes, and then click OK. The child node inherits the new permission settings.

If the Web permissions and NTFS permissions of a folder or file are different, the more restrictive of the two settings will be used. For example, if a specific group of users is granted write permission to a folder in the IIS server, and the group is granted read permission to the folder in NTFS, those users cannot write files to the folder because the read permission is more restrictive.

If you disable Web server permissions on a resource, such as read permission, none of the users can view the resource, regardless of the NTFS permission settings applied by these user accounts. If you enable Web server permissions on a resource, such as read permission, all users can view the resource unless NTFS permissions that restrict access to the resource are also applied.

Thank you for your reading, the above is the content of "what is the method of IIS server permissions?" after the study of this article, I believe you have a deeper understanding of what the method of IIS server permissions is, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.