IIS7 URLAuthorization: Get rid of file system permissions! (Video)

Setting file system permissions (or NTFS ACLs, as they are also known) can be a real pain in the rear. Not only do you have to deal with sometimes complicated inheritance rules, but they don't copy easily, especially across machines, and they can easily get trashed or reset unintentionally. Starting with IIS7, you can avoid setting file permissions on content as a way to protect it, and instead store the authorization rules in your application's web.config file. That means anywhere you copy the content, the authorization rules flow with it!

Here are some basic facts to get it working:

Install path: \IIS\World Wide Web Services\Security\URLAuthorization

Requires: an authentication protocol (ASP.NET Forms authentication, Windows, Basic or Digest Authentication all work well)

Configuration stored like this:

<configuration> 
    <system.webServer>
        <security>
            <authorization>
                <clear />
                <add accessType="Allow" users="bill" />
            </authorization>
        </security>     
    </system.webServer>   
</configuration>
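
A fuller web.config along the same lines, added here as an illustration and not taken from the original post or the video: the site root is limited to authenticated users and one subfolder is limited further. The folder name `admin` and the role name `SiteAdmins` are assumptions; `bill` is the user from the snippet above.

```xml
<configuration>
    <!-- Site root: any authenticated user may read the content -->
    <system.webServer>
        <security>
            <authorization>
                <!-- Drop inherited rules first; the server-level default
                     allows all users, which would otherwise still apply -->
                <clear />
                <!-- "?" matches anonymous (unauthenticated) requests -->
                <add accessType="Deny" users="?" />
                <!-- "*" matches all users; with anonymous denied above,
                     that leaves authenticated users -->
                <add accessType="Allow" users="*" />
            </authorization>
        </security>
    </system.webServer>

    <!-- Subfolder "admin" (assumed name): only bill or members of the
         SiteAdmins role (assumed name) get in -->
    <location path="admin">
        <system.webServer>
            <security>
                <authorization>
                    <!-- Clear the root rules so the Allow "*" above does
                         not carry down into this folder -->
                    <clear />
                    <add accessType="Allow" users="bill" />
                    <add accessType="Allow" roles="SiteAdmins" />
                    <!-- No rule matches anyone else, so every other user,
                         including anonymous, is refused -->
                </authorization>
            </security>
        </system.webServer>
    </location>
</configuration>
```

Because both sets of rules live in the one web.config, copying the site to another machine carries the root and `admin` restrictions with it, with no NTFS ACLs to recreate.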

 

Want to see it in action?  Watch this video I created (requires Silverlight)

For more detailed information on URLAuthorization, see this great article which ThomaD wrote for IIS.net!
