IIS doesn't enforce file level NTFS permissions

Guest

Hi, I've just read
http://www.microsoft.com/technet/pr...technologies/iis/deploy/confeat/permmaze.mspx
and this article doesn't correspond to my testing with IIS on XP Pro, SP2.

I find that when Basic or Integrated Windows auth is applied, only the
permissions of the directory containing the file are interpreted, not the
permissions on the file itself.

That is, if I virtual directory to an NTFS directory with read permissions
for jack and jill, and place a file in that directory with read only for
jill, the following happens:

1. Jack is unable to access the file on disk.
2. Jack is able to access the file over authenticated HTTP.

Is there a setting I can place somewhere that enables fully granular
security for IIS?
 
Daniel Crichton

Douglas wrote on Mon, 5 Feb 2007 02:43:01 -0800:
> Hi, I've just read
> http://www.microsoft.com/technet/pr...technologies/iis/deploy/confeat/permmaze.mspx
> and this article doesn't correspond to my testing with IIS on XP Pro, SP2.
>
> I find that when Basic or Integrated Windows auth is applied, only the
> permissions of the directory containing the file are interpreted, not the
> permissions on the file itself.
>
> That is, if I virtual directory to an NTFS directory with read permissions
> for jack and jill, and place a file in that directory with read only for
> jill, the following happens:
>
> 1. Jack is unable to access the file on disk.
> 2. Jack is able to access the file over authenticated HTTP.
>
> Is there a setting I can place somewhere that enables fully granular
> security for IIS?


Did you also disable Anonymous Authentication? If not, the file is being
accessed using the credentials of the IIS anonymous account (normally
IUSR_MACHINENAME) rather than the expected user.

Dan
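
One way to check the point above against the test setup, as an added example that is not part of the original thread: it parses `cacls` output for the file and reports which of the identities IIS might run the request as (the Basic-auth user or the anonymous account) hold a read grant on the file itself. The host name XPBOX, the path, the ACL text and the function names are constructed for illustration.

```python
import re

# Constructed sample data: cacls-style output for the file from the test,
# where only jill (plus Administrators and SYSTEM) is granted access.
SAMPLE_PATH = r"C:\web\private\report.txt"
SAMPLE_FILE_ACL = "\n".join([
    SAMPLE_PATH + r" BUILTIN\Administrators:F",
    r"    NT AUTHORITY\SYSTEM:F",
    r"    XPBOX\jill:R",
])
# The same file while it still carries a grant for a broad group.
SAMPLE_LOOSE_ACL = SAMPLE_FILE_ACL + "\n    Everyone:R"

# Identities the request could be served as: the two test users, and the
# anonymous account (IUSR_<machine name>) if anonymous access is enabled.
IDENTITIES = [r"XPBOX\jack", r"XPBOX\jill", r"XPBOX\IUSR_XPBOX"]

READ_RIGHTS = {"R", "C", "F"}   # cacls letters that include read access
BROAD_GROUPS = {"everyone", r"builtin\users",
                r"nt authority\authenticated users"}

def parse_cacls(output, path):
    """Return {principal (lowercased): rights letter} for simple ACEs.
    Entries printed as '(special access:)' or '(DENY)' are skipped here
    and need to be reviewed by hand."""
    aces = {}
    for line in output.splitlines():
        entry = line.strip()
        if entry.startswith(path):          # first line is prefixed by the path
            entry = entry[len(path):].strip()
        who, sep, rights = entry.rpartition(":")
        # Drop inheritance flags such as (OI)(CI) shown on directory ACEs.
        rights = re.sub(r"^(\((OI|CI|IO)\))+", "", rights)
        if sep and rights in {"N", "R", "W", "C", "F"}:
            aces[who.strip().lower()] = rights
    return aces

def who_can_read(output, path, identities):
    """Named identities with a read grant, plus broad groups with one.
    Group membership is not resolved; 'broad' entries need a manual check."""
    aces = parse_cacls(output, path)
    readers = {p for p, r in aces.items() if r in READ_RIGHTS}
    return {"named": sorted(i for i in identities if i.lower() in readers),
            "broad": sorted(readers & BROAD_GROUPS)}

if __name__ == "__main__":
    print(who_can_read(SAMPLE_FILE_ACL, SAMPLE_PATH, IDENTITIES))
    print(who_can_read(SAMPLE_LOOSE_ACL, SAMPLE_PATH, IDENTITIES))
```

An empty `named` entry for jack together with an empty `broad` list means no simple allow entry on the file covers him, by name or through one of the broad groups listed.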
 
Guest

Daniel Crichton said:
> Did you also disable Anonymous Authentication?

Yes. Digest, anonymous and integrated auth are disabled; only basic HTTP
auth is enabled. I'm serving over SSL to Firefox.
 
Guest

This turns out to have been sloppy testing on my part; I can't reproduce the
problem anymore.

Daniel, thanks for your help.

Doug
 
