Introduction

UNIX accounts can assign unique userids and passwords to control access to various directories (folders) and web pages inside them. You can see this in action when you access your own Control Panel -- each time you are prompted for your user ID and password. The actual web pages are not password protected, but rather the directory in which they reside.

Users of FrontPage should read the section below. Windows 2000 hosting plans currently do not support user authentication, but see below for a workaround.

Example

A software developer is making several programs available via the web, but only those visitors which have paid for the service should be allowed access to the download page. To control access, the page is placed in a directory which is password protected. Instead of distributing a single password, unique userids and passwords are assigned and removed as needed.

How to use (UNIX plans only)

  1. Create the directory you wish to password protect
  2. Select the link titled "Password Protection" in your Control Panel
  3. Enter the name of the directory (for example, "/secure") and click "Load" (remember UNIX is case sensitive)

The first time you use this function, the page will reload and the "Add/Modify user" option will appear toward the bottom of the page. If you have already added users, the option to "Remove user for directory" will also appear. A list of user IDs will be updated and displayed as you maintain the list.

After adding a user, you can run a simple test to verify the directory is secure. Create a new HTML document or copy an existing one into the directory and try loading the page from a web browser. If a password is required, you've done your job correctly!

Warnings:

  • Do not attempt to password protect any system directories such as "stats" or "cgi-local".
  • FrontPage users should be extremely careful when using this feature (see below).
  • Edit Access CANNOT be used to create additional FTP userids and passwords (users desiring this capability are encouraged to investigate our Shared Signature or Advanced Hosting plans.

Using Passwords and FrontPage

For UNIX accounts, it is possible to use FrontPage with password protected directories, but there are some things to watch out for. Do not use this feature on any directories you have created in FrontPage, as the FrontPage server extensions may become corrupted for your account. This is especially true if you are managing the site offline and publishing the site to your web server. Instead, create a new directory using your FTP client software, and password protect that directory. Then upload or download any files in that directory using your FTP software, just like you need to do with CGI scripts.

Or, simply use FrontPage to manage your security. To do this, make the folder you wish to protect a child web. Once you open the child web you can add security to it. Here are the steps for FrontPage 2002 (a.k.a. FrontPage XP) and FrontPage 2000:

To use FrontPage 2002 to protect directories

  1. While in FrontPage, log in to your server. For information on how to log in to your server, please read Logging into a Server through FrontPage.
  2. After you have logged into your server, create the directory you want to password protect.
  3. Right-click the directory you created and then click Convert to Web. A caution dialog box will be displayed.
  4. In the caution dialog box, answer "Are you sure you want to do this?" by clicking Yes.
  5. Double-click the directory that you created. A new FrontPage window will be displayed.
  6. On the menu bar, click Tools. Then, select Server.
  7. Click Permissions. The Permissions web page will display. Click Change Permissions.
  8. In Permissions, click Use unique permissions for this web site.
  9. Click Submit.
  10. Click the Administration link on the top menu bar on the page.
  11. Click Change anonymous access settings.
  12. Set Anonymous access is to Off and click Submit.
  13. Answer OK to the warning asking if you are sure you want to change the security for your web.
  14. Click Manage Users.
  15. Here you can add or remove users. By default your existing FrontPage login/password is enabled as an Administration for the child web.
  16. On the Add A User page, enter the User name and Password of the user to whom you are giving permissions.
  17. Confirm the user's password by retyping it in the Confirm password text box.
  18. In the User Role section, select the permissions that you want granted to the user.
  19. To save your changes, click Add User.
  20. To change the password for a user, in FrontPage click Tools, select Server, and click Change Password.

To use FrontPage 2000 to protect directories

  1. While in FrontPage, log in to your server. For information on how to log in to your server, please read Logging into a Server through FrontPage.
  2. After you have logged into your server, create the directory you want to password protect.
  3. Right-click the directory you created and then click Convert to Web. A caution dialog box will be displayed.
  4. In the caution dialog box, answer "Are you sure you want to do this?" by clicking Yes.
  5. Double-click the directory that you created. A new FrontPage window will be displayed.
  6. On the menu bar, click Tools. Then, select Security.
  7. Click Permissions. The Permissions dialog box will display.
  8. In Permissions, click Use unique permissions for this web.
  9. Click Apply.
  10. Click the Users tab and select Only registered users have browse access.
  11. Click Apply.
  12. Click Add. The Add Users dialog box will display.
  13. In the Add Users dialog box, enter the Name and Password of the user to whom you are giving permissions.
  14. Confirm the users password by retyping it in the Confirm Password text box.
  15. In the Allow Users to section, select the permissions that you want granted to the user.
  16. To save your changes, click OK. You will be returned to the Permissions dialog box. Click OK.

Windows 2000 Plans

Windows 2000 hosting plans do not support system-level user authentication. Due to the design of the IIS server software, this must be done with the Windows 2000 server's user database which is not accessible in a shared hosting environment due to security concerns.

However there is an alternative. Microsoft has a technote which explains how to set up authentication using .ASP scripts and session variables. Advanced users can modify this to authenticate using an SQL or Access database of usernames.

Please note: the information on this page applies to ITS web hosting plans. It may or may not apply to other environments. If you are looking for a feature described here, or better support from your hosting provider, please consider hosting your site with ITS!

Contact ITS Search Site Map StartCenter Privacy Policy Terms/Legal

Copyright © 1996-2025, Integrated Technical Solutions, Inc., all rights reserved. See Terms/Legal for trademarks, copyright, and terms of use.

1555 N Naperville/Wheaton Road, Suite 107
Naperville, IL 60563
phone 630.420.2550
fax 630.420.2771