Configuring IIS to permit only certain AD users to view a file

iis-6

Ok, here's my problem. My organization has a document that only certain people should be able to see. It's a PDF. What I'd like to do is have a text file (XML? something else?) that has the path to the file (can I also do this for an entire directory?) and the AD credentials of the people that should be able to use this.

I don't know exactly how to do this, and I'm guessing that this problem can be resolved by configuring IIS in a particular fashion. I'm running Windows 2003, so that means I'm dealing with IIS 6.0.

Any ideas? I don't know much about IIS or even how to get to the GUI config screen.

Best Answer

I don't understand what you mean by "I'd like to do is have a text-file ... that has the path the file ... and the AD credentials of the people that should be able to use this". It sounds like you're just asking if you can put a URL, username, and password into a file (which you certainly can) but I really think that's not what you're asking.

I think you're really asking if you can make the PDF file accessible only to certain AD users.

It sounds like you're not very familiar with Windows system administration. Giving you a click-for-click set of instructions isn't something that you're going to find on Server Fault, so be prepared to do a little bit of exploration.

IIS does this based on the NTFS permissions on the file and the authenticated user's identity. Part of the work will be done with the Windows Explorer "Security" tab of the properties-sheet for a file or folder, and part of the work will be done in the graphical IIS management console snap-in (located in your "Administrative Tools" Start Menu program group by default).

For a hypothetical directory on your "Default Web Site" on a Windows Server 2003 IIS server you would:

  • Create the directory "C:\inetpub\wwwroot\protected-docs"

  • Modify the NTFS permissions on that directory to allow only members of the authorized AD group (or individual AD user accounts, but, really, you should use groups) "Read" access. I'd recommend doing this by blocking ACL inheritance and copying the ACL, removing any "Users" or "Anonymous"-related ACL entries, and then adding the appropriate group / users with "Read" rights.

  • Modify the authentication methods on the "Directory Security" tab of the properties sheet for the "protected-docs" subdirectory of the "Default Web Site" using the IIS management console. Remove "Allow Anonymous Access" and tick either the "Windows Authentication" or "Basic Authentication" box (bearing in mind that Basic Authentication sends credentials in cleartext over the wire and isn't really a good choice for sites not using HTTPS to encrypt traffic while on the wire).

That's the basic gig for doing what I suspect you're looking for.
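The three steps above, scripted as an added example (this is not code from the answer or from Microsoft): it assumes PowerShell is installed on the 2003 box, that "Default Web Site" is site ID 1 in the metabase, that the IIS 6 admin scripts live in C:\Inetpub\AdminScripts, and that DOMAIN\ProtectedDocs-Readers is a placeholder for your real AD group. Instead of copying and pruning the inherited ACL, it starts the folder from an empty ACL and adds only what is needed.

```powershell
# Added example, not the original answer's code. Placeholders: site ID 1, the group name.
$dir      = 'C:\inetpub\wwwroot\protected-docs'
$group    = 'DOMAIN\ProtectedDocs-Readers'          # placeholder: your AD group
$adsutil  = 'C:\Inetpub\AdminScripts\adsutil.vbs'   # ships with IIS 6
$metaPath = 'W3SVC/1/ROOT/protected-docs'           # 1 = "Default Web Site" (assumed)

# Step 1: create the directory.
New-Item -Path $dir -ItemType Directory -Force | Out-Null

# Step 2: NTFS. Block inheritance WITHOUT copying inherited ACEs, so no "Users",
# "Everyone" or IUSR entries survive, then grant only what the server and the
# authorized group need. Authenticated browser users are impersonated by IIS,
# so the group's Read right is what actually gates the PDF.
$acl = Get-Acl -Path $dir
$acl.SetAccessRuleProtection($true, $false)        # $false = do not copy inherited ACEs
$inherit = 'ContainerInherit,ObjectInherit'
foreach ($entry in @(
        @('NT AUTHORITY\SYSTEM',    'FullControl'),
        @('BUILTIN\Administrators', 'FullControl'),
        @($group,                   'Read'))) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $entry[0], $entry[1], $inherit, 'None', 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $dir -AclObject $acl

# Step 3: IIS 6 metabase. AuthFlags is a bitmask: 1 = Anonymous, 2 = Basic,
# 4 = Integrated Windows. 4 alone removes anonymous access and leaves only
# Integrated auth (use 6 only if you must add Basic, and then only over HTTPS).
# CREATE makes the metabase key for the physical subdirectory; it errors
# harmlessly if the key already exists (e.g. after editing it in the GUI once).
cscript //nologo $adsutil CREATE $metaPath IIsWebDirectory
cscript //nologo $adsutil SET "$metaPath/AuthFlags" 4

# Check: the ACL should list only SYSTEM, Administrators and the group,
# and AuthFlags should read back as 4.
(Get-Acl -Path $dir).Access | Format-Table IdentityReference, FileSystemRights -AutoSize
cscript //nologo $adsutil GET "$metaPath/AuthFlags"
```

After running it, a browser on a domain-joined client should open the PDF silently for group members and get a 401 for everyone else; test with an account outside the group, not just with your own.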
