Return Styles: Pseud0ch, Terminal, Valhalla, NES, Geocities, Blue Moon.

Pages: 1-

securing basic HTML in IIS

Name: Anonymous 2010-06-03 22:38

how can i verify that a person has logged into a website before serving non-dynamic HTML pages to them in IIS?

Name: Anonymous 2010-06-03 22:40

Less of this.

Name: Anonymous 2010-06-03 22:41

HTTP authentication over SSL

Name: Anonymous 2010-06-03 22:42

>>3
i figured it might be HTTPS/SSL related.  ill look into this.

Name: Anonymous 2010-06-03 22:45

>>4
It isn't. You can do HTTP authentication over regular HTTP (hence the name). It's a bad idea from a security point of view, but since you're using IIS anyway, so is anything else you'll be trying.

Name: Anonymous 2010-06-03 22:50

>>5
are you referring to basic authentication?

:x

Name: Anonymous 2010-06-03 22:56

>>6
Your pages are static, so you can't do authentication on any other level than HTTP. What the fuck did you think you were going to be doing?

Name: Anonymous 2010-06-03 23:01

>>8
wont that mean they'll have to log in twice?  once to log into the main site with your typical web interface, and another time to log in over basic authentication?

Name: not a web dev 2010-06-03 23:03

>>8
Isn't that what sessions/cookies are for?

Name: Anonymous 2010-06-03 23:04

>>8
How exactly did you expect this to work otherwise? Do what most people would do and don't make those pages static. Have them check for a session.

Name: Anonymous 2010-06-03 23:09

>>9
how can i check a cookie/session on an HTML page?

>>10
i didnt make those HTML pages, we get them from some company and push them on our servers.  there's thousands of them, so its not really feasible to rewrite them all to make them dynamic.

i guess ill look into the URL Rewrite module for IIS.  hopefully ill find something that works for us.

Name: not a web dev 2010-06-03 23:13

>>11
A cookie is sent as a HTTP header, right? Then surely your web server can check it before it grants access to the web page. First time, make them authenticate and have the the server send back a token. From then on they use the cookie. Again, not a web developer, but that shouldn't be a million miles off.

Name: Anonymous 2010-06-03 23:15

>>12
You're missing the fact that he's using IIS. Things that are easy in principle are impossible when your tools are broken.

Name: Anonymous 2010-06-03 23:16

>>12
not sure if we're allowed to use cookies on our domain, but ill research this as a possible solution.

Name: Anonymous 2010-06-04 2:04

>>14
why wouldn't you be allowed to use cookies? some sort of idiotic company policy against using the right tools for the job?
if so, just use http auth. also, make sure you use ssl for people to log in.

Name: Anonymous 2010-06-04 9:27

I recommend SecurEnvoy tokenless two-factor authentication using their IIS plugin.

Name: Anonymous 2010-06-04 13:51

>>1
Using a Windows box as a web server.

Now you have two problems. (More like over 9000 of them in truth.)

Name: Anonymous 2010-06-04 13:52

>>1
Can't you use a real web server?

Name: Anonymous 2010-06-04 13:54

>>17,18
You must be new here, and I can tell where you're from. Sometimes your post doesn't appear straight away, you must refresh if it doesn't. Good old Shiit.

Name: Anonymous 2010-06-04 13:55

You don't know shit, son. I'm an old troll here in /prog/land

Name: Anonymous 2010-06-04 13:56

>>20
I highly doubt that.

Name: Sagey McSagerson 2010-06-04 14:08

>>21
Weedhopper, you must be new to this whole satori thing. Come and let /prog/ enlighten you.

Name: Anonymous 2010-06-04 17:55

>>17,18
It's OK if you're too poor to use Windows and have to stick with freetard operating systems like Linsux.  No need to troll about it.

Name: Anonymous 2010-06-04 19:06

>>23
Pay to use Windows? Who does that? Just pirate it and call it a day.
Don't change these.
Name: Email:
Entire Thread Thread List
All trademarks and copyrights on this site are owned by their respective parties. All comments and posts are the responsibility of their own posters.
- Tinychan + 2ch Mode -