Set web server permissions for better access control

As commercial transactions expand the number of customers and the scope of suppliers, it is wise to update user access control to ensure that confidential data in corporate folders, files, and web documents still follows the 'locks and key. Fortunately, it is easy to create rules on the Internet Information Server (IIS) to specify or limit which information can be accessed. Let's take a look at how to configure IIS Web Server permissions to provide appropriate and secure access control so that it not only meets end users, but also ensures better data security.

The IIS Web Server permission controls access to virtual directories on the Web, which is applicable to all users. To implement access control for specific data, you must start by configuring the IIS Directory security function. Start configuration, open the Internet information service console, and enter the website Properties dialog box or the subfolders you want to control. After entering, find the Directory tab. On the Directory tab, you can set whether the user can browse the directory, and whether the user can view/modify the source code of the file and access the file. In this dialog box, you should also find a Directory Security tab. In this tag, you can configure how your Web server authenticates a user. It is important to note that because you are dealing with the permissions of the IIS Web server, the new settings will apply to all users, No matter what specific NT File System (NTFS) Access Permissions they have.

Therefore, the next step is to configure the NTFS permission for the Web file. NTFS permission control controls access to physical directories on the server. It is only applicable to specific user groups. By creating a free access control list (DACL) for a single file or directory, you can define which users can access and what operations are performed on the content. To create a DACL, select a specific Windows User Account or group and specify its access permissions. To change the NTFS permission of a directory or file, open my computer, select the directory or file you want to protect, and open its attribute table.

On the security properties page, select the access type of the Account, user, or group you want to change. To grant access permissions, select "allow". To deny access, select "deny ". This will help you better control the access to your web content, because for content with the NTFS permission set at the same time, before verifying the user's NTFS permission, IIS first checks whether users have the necessary web permissions to access the resources they requested. If the user does not have web permissions, they will receive a message "403 forbidden access. If the user does not have the correct NTFS permission, they will receive a "401 Access Denied" message.

If your customers and suppliers are particularly sensitive to access content, consider installing a Web server certificate to ensure the Secure Sockets Layer (SSL) feature of your Web server. This forces the user to establish an encrypted connection to connect to a specific directory or file. Another final method is to map the customer certificate to the Windows user account on the Web server. This approach makes management more complex while providing powerful authentication and access control. However, if your website needs to authenticate user identity before authorizing access to restricted content, this is also worth it.