When installing the web interface there are three versions of the site: Admin, Helpdesk and Self Service. I want to ensure I don't allow access to regular users to the Admin and Helpdesk interfaces. Is there a way to lock down the interface to a group?
What a timely topic, David.
We're investigating the same.
Interested to see how others approached the issue. We're currently taking baby steps.
We created a new site under the IIS Server\Sites node to keep impact away from the interfaces that are live under a sister site node in IIS Manager.
We've set a custom port and given it a custom name to differentiate between the production site and the test secure site.
In looking through IIS documentation, they do have a method to specify which AD groups are allowed to access a particular site ...
in web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    ...
    <security>
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" roles="myDomain\myGroup01" />
        <add accessType="Allow" roles="myDomain\myGroup02" />
      </authorization>
    </security>
  </system.webServer>
</configuration>
Like I said, we're at the beginning, taking baby steps here ... so any shared experience from those that have gone through the exercise is appreciated!
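An added example, not part of the original post or of IIS itself: a Python check that reads a site's web.config and reports which groups are allowed and whether the allow-all rule (`users="*"`) is still in effect because it was never removed. The function name, the two sample configs and the `inherits_allow_all` parameter (which assumes the default server-level allow-all rule is inherited) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the web.config in the post (placeholder group names).
LOCKED_DOWN = r"""<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <security>
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" roles="myDomain\myGroup01" />
        <add accessType="Allow" roles="myDomain\myGroup02" />
      </authorization>
    </security>
  </system.webServer>
</configuration>"""

# Constructed counter-example: groups are added but the allow-all rule is never removed.
STILL_OPEN = LOCKED_DOWN.replace('<remove users="*" roles="" verbs="" />', "")


def _split(value):
    """Split a comma-separated users/roles attribute into a clean list."""
    return [v.strip() for v in (value or "").split(",") if v.strip()]


def audit_authorization(web_config_text, inherits_allow_all=True):
    """Return (allowed_roles, findings) for system.webServer/security/authorization.

    inherits_allow_all models the default server-level rule
    <add accessType="Allow" users="*" /> (assumption: it is still inherited).
    Deny rules are not modelled; only the allow side is reported.
    """
    root = ET.fromstring(web_config_text.encode("utf-8"))
    auth = root.find("system.webServer/security/authorization")
    allow_all, allowed_roles, findings = inherits_allow_all, [], []
    for rule in (auth if auth is not None else []):
        users, roles = _split(rule.get("users")), _split(rule.get("roles"))
        if rule.tag == "clear":
            allow_all, allowed_roles = False, []
        elif rule.tag == "remove" and users == ["*"] and not roles:
            allow_all = False
        elif rule.tag == "add" and rule.get("accessType", "").lower() == "allow":
            allow_all = allow_all or "*" in users
            allowed_roles.extend(roles)
    if allow_all:
        findings.append('allow-all rule (users="*") still in effect; group rules do not restrict access')
    return allowed_roles, findings


if __name__ == "__main__":
    for name, text in (("locked down", LOCKED_DOWN), ("still open", STILL_OPEN)):
        print(name, audit_authorization(text))
```

Running the same check against the Admin and Helpdesk site configs after each change shows quickly whether the `<remove>` line was dropped or a wildcard allow was reintroduced.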