FrontPage 2002 Server Extensions relies on the security features of the Windows Server 2003 family to provide security for Web site content. FrontPage Server Extensions uses the following two elements of Windows security:
-
User authentication. Validates the user account that is attempting to gain access to a Web site or network resource.
-
File system security. Controls which users can access specific files and folders in the file system.
In addition to these elements of Windows security, FrontPage 2002 Server Extensions includes a new security feature: user roles. With user roles, you do not have to control the file and folder permissions separately or be concerned about keeping your local groups synchronized with your list of Web users. You use roles to give users permissions on your Web site, and use FrontPage 2002 Server Extensions administration tools to add new users directly. For more information about managing users and user roles, see Using Roles to Manage User Rights later in this appendix.
User Authentication
When you use FrontPage 2002 Server Extensions with IIS 6.0 on a computer running Windows Server 2003, user authentication is based on one or more of the following Windows authentication methods: Anonymous authentication, Basic authentication, Integrated Windows authentication, Digest authentication, Advanced Digest authentication, or Certificate authentication.
When you set up your Web server, choose the authentication method you want to use for FrontPage 2002 Server Extensions. With the exception of Anonymous authentication, you cannot change the authentication method by using the FrontPage 2002 Server Extensions administration tools; you must instead use IIS Manager to change the authentication method.
FrontPage 2002 Server Extensions supports connectivity through firewalls. Make sure your firewall is open for the standard HTTP ports 80 and 443 (which port you use depends on your configuration). If you use a firewall and want to use NTLM Integrated Windows authentication (formerly called NTLM and also referred to as Windows NT Challenge/Response authentication), make sure your firewall supports NTLM. Otherwise, configure your Web sites with Basic authentication, preferably with SSL.
For more information about these authentication methods, including brief descriptions of each, see Common IIS 6.0 Administrative Tasks. For additional information about security options for IIS 6.0, see Managing a Secure IIS 6.0 Solution.
File System Security
FrontPage 2002 Server Extensions relies in part on the Windows operating system to help secure the file system for your Web sites. The Windows Server 2003 family uses access control lists (ACLs) to help secure files and folders. Because ACLs require the NTFS file system, your Web servers must use NTFS when you run FrontPage 2002 Server Extensions on IIS 6.0. For more information about access control, see Understanding access control in Help and Support Center for Windows Server 2003. For more information about setting ACLs for FrontPage 2002 Server Extensions, see Windows Security Model.
.gif) Caution |
|
When you build FrontPage-extended Web sites and subwebs, all the ACLs for those sites are maintained by FrontPage Server Extensions. Do not try to change the ACLs in Windows Server2003. Instead, in order to maintain security, always make permissions changes and other security-related changes by using the FrontPage2002 Server Administration tools. |