Wednesday, May 13, 2009

FILE PROTECTIONS

IIS Directory and File Protection

MS IIS - Access by Window Authentication (OS users) only!

  • Allow access to web files via Windows Authentication (Tested w/ IIS v5.0).  When the user hits the web page a Windows Authentication login screen will appear.
    • Launch IIS (Internet Information Services)
    • Find the directory that you want to protect - probably under "Default Web Site"
    • Right click on the directory and choose "Properties"
    • Click the tab "Directory Security"
    • Click "Edit" under the section "Anonymous access and authentication control"
    • Authentication Mode
      Blank – Anonymous access (uncheck this !!!)
      Blank – Basic Authentication
      Check – Integrated Windows authentication.
    • OK
    • Apply, OK
    • Testing - If you test from the server, then you already have Windows Authentication.  You may want to test from a workstation and access via a browser.
    • Directory Security - if you are still having issues, you may want to use Win Explorer on the server and look at the Directory security permissions.  Using Windows Explorer right click on the directory, the Properties, then "Security".  (FYI - Usually you should not need to play with these settings - just IIS's settings).

MS IIS - directory protection software via ISAPI filters.

For the products that I have tested/used you can email me if you want talk:  (www.michael-thomas.com - then look for an email link)

Note:  http://localhost or http://127.0.0.1 is your local IP address if testing on your PC.

  • Search Engine Key Words

  • Testing Issues with ISAPI Filters
    • .wmv - I've had issues with these type files.
    • .swf - I've had issues with these type of files.
    • .pdf - I've had issues with Adobe v6.  v7 seems to work.
    • "By Referrer" - seems to have issues with .wmv, .swf files and possibly .pdf.  I think the reason why is tied to the client requesting additional bytes without sending the "By Referrer" info.
  • http://www.iisprotect.com - Quote from there site "iisPROTECT password protects all file types: .jpg, .gif, .pdf, .mdb, .txt, .asp, .aspx .htm .anything!  Independent of NT security, iisPROTECT uses its own database or can easily tie into an existing database."
    • I have used this product to secure content (on multiple servers) based on a user having logged into a Web Application.
    • Form Based Cookie Login: Enable - set this to enable. 
    • The "By Referrer" filter has issues with .swf and .wmv files.  (Use the "Allow" option and then enter the allowed IP addresses.)
      • .swf - hangs with IE.
      • .wmv - has issues with certain "codec" versions of WMPv10, IE and IIS.  I could never pin down the solution.    I also tried the following tags:  object & embed.
    • The Filter "IP" filters by the IP address of the client's connection to the internet (see By Referrer for from what IP did the link originate.)
    • Filter & AutoLogin Options:  Domain, IP (client's IP), User Agent, Referrer.
  • http://www.flicks.com
    • WebQuota - works with IIS.
      • The "By Referrer" has issues with .swf and .wmv files.
        • .swf - hangs with IE.
        • .wmv - has issues with certain "codec" versions of WMPv10, IE and IIS.  I could never pin down the solution.  I also tried the following tags:  object & embed.
  • http://www.iismods.com - free open source software.
    (Note:  I never could get this product to function in my environment.)
    • Mod Auth Lite
    • Mod Auth Standard - Mod Auth Lite plus database and MD5 support.

MS IIS - (Windows Media Server)

  • Notes
    • Search Engine Key Words

    • Notes
      • DRM (Digital Rights Media) -
        • http://www.microsoft.com/windows/windowsmedia/knowledgecenter/technicalarticles.aspx - Info on DRM.
        • Windows Media Rights Manager - licenses and keys are used to protect content.
        • Windows Media Encoder - enables content owners to protect digital media content during the content creation process.  Quote from MS, "In order to play back protected content, a user must have the corresponding license. This separate license "unlocks" the content and determines how the content can be used. For example, a license for promotional content might allow a user to play the content five times, or the license for rental content might expire after three days.  The license is issued by a third-party license provider. Before you can protect your content, you must set up an account with a license provider and establish the business model and terms of the licenses for the content."
          http://www.microsoft.com/windows/windowsmedia/howto/articles/ProtectContent.aspx - excellent info on how DRM works.
      • Codecs - Quote from MS: "Codecs enable content authors to specify the bit rate of a stream, which, when coupled with the duration of that stream, determines the size of the resulting file. Codecs also provide the flexibility to adjust the way encoded video and audio content looks and sounds."
  • http://www.flicks.com
    • VideoQuota - works with Windows Media Services web server.
      • Warning: This product caused WMS to quit serving out content in my testing.  I uninstalled VideQuota and WMS started working again.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)