As described in AuthenticationOptions, Windows Authentication is great for Intranet applications where all users have accounts that are known to the web server. Usually these will be domain accounts but they can also be machine accounts.
Even in an Internet setting, Windows Authentication wins as the quick and secure way to control access to FlexWiki content.
The steps are:
Make web.config changes to select Windows authentication, deny anonymous users, and impersonate identity.
Configure IIS to disable "Anonymous access".
Change the ACLs on the files and folders under the namespace root that you want restricted.
Its important to disable anonymous access on the root of the FlexWiki web site. It may be tempting to only restrict access on specific folders and files under the WikiBases folder, but that leads to eratic behavior.
The content is accessed by application file read and write operations, not by IIS directly. Authentication may not be triggered by these file operations wich means users won't have access to the pages you expect them to or will be able to read but not edit.
Set the Security properties (ACLs) on the files and folders under the namespace root to reflect your desired access policy.
Open the file or folder Properties dialog and click Advanced on the Security tab.
Uncheck the "Inherit from parent..." check box.
Click Remove to remove all the existing ACL entries.
Click OK to committ the changes.
Click Yes to the "You have denied everyone..." warning.
And make sure to add the users and groups you want to allow access.
For read only access give them Read & Execute, List Folder Contents, and Read.
For write access as well, also check Write.
Notes on the limitations of Windows Authentication.
The biggest limitation is that it will not work for all internet users. To work, you must be using IE 5.x or later, you must not be located behind a proxy and firewall (a shared cable modem connection seems to work fine), and you must have a way of providing user accounts to all users.
It's unfortunate but the login dialog doesn't support changing passwords.
Another problem is that if you switch to storing your wiki in a SQL database that the windows authentication won't work anymore.
The software running this site. -> jump to HomePage
10/22/2006 7:52:17 AM - -81.182.199.248
Click to read this topic
9/12/2005 6:28:19 AM - author unknown
The software running this site. -> jump to HomePage
10/22/2006 7:52:17 AM - -81.182.199.248
ACLs acronym for Access Control Lists.
1/24/2008 9:08:31 AM - FLWCOM-jwdavidson
The software running this site. -> jump to HomePage
10/22/2006 7:52:17 AM - -81.182.199.248
ACLs acronym for Access Control Lists.
1/24/2008 9:08:31 AM - FLWCOM-jwdavidson
ACLs acronym for Access Control Lists.
1/24/2008 9:08:31 AM - FLWCOM-jwdavidson
New to the wonderful world of wiki
1/24/2008 9:07:38 AM - FLWCOM-jwdavidson
The software running this site. -> jump to HomePage
10/22/2006 7:52:17 AM - -81.182.199.248
FlexWiki user with experience setting up FlexWiki for project usage on an intranet.
7/19/2006 9:46:41 AM - -140.32.73.93
The software running this site. -> jump to HomePage
10/22/2006 7:52:17 AM - -81.182.199.248
Click to read this topic
1/24/2008 7:57:24 AM - FLWCOM-jwdavidson
Click to read this topic
1/24/2008 7:57:24 AM - FLWCOM-jwdavidson
Aaron Sachs is an IT Engineer.
1/24/2008 7:34:58 AM - FLWCOM-jwdavidson
The software running this site. -> jump to HomePage
10/22/2006 7:52:17 AM - -81.182.199.248
The software running this site. -> jump to HomePage
10/22/2006 7:52:17 AM - -81.182.199.248
Sysadmin + Lead programmer at the Center for Language Study, Yale University