tags:

views:

245

answers:

3
+1  Q: 

How to create a local IIS site with encrypted wwwroot using EFS on Vista

I'm preparing a laptop to take with me while travelling, so all my user data is encrypted using EFS in case someone decides to steal it. I also need to set up a couple of local sites for development with IIS. If I turn off encryption on the wwwroot of a site, IIS can serve it just fine. However, I really would like to be able to use encryption here as well.

I've tried these steps: http://support.microsoft.com/kb/243756

When I try to view the local site in IE, I get a login dialog as expected, but it doesn't accept my credentials, although this is the account I use to encrypt the served files. Has anyone tried this and got it to work?

+1  A: 

EFS and IIS really don't play nicely together. The IIS services (typically) runs under "Network Service" which doesn't have access to your user account's EFS decryption key.

You have two options with IIS:

  1. Run "IIS Admin Service" and "World Wide Web Publishing Service" as your personal account, along with running any web site's anonymous user as this account.

  2. Flag the InetPub directory as Never Encrypt.

#1 is obviously the best bet for security/encryption purposes, but its going to be a challenge to set up the appropriate rights for your account to run these services.

You might want to consider just using Visual Studio's built in web server (Cassini) which gets aroung the encryption problem since it runs as your personal account, but it does have some of its own issues.

Christopher_G_Lewis  2009-09-22 14:53:33
The problem I have with #1 is that IIS has to store my password somewhere, which sort of defeats the purpose of encrypting data with the same password...
Frederik Slijkerman  2009-09-23 18:59:16
Actually, you'll be setting the user/password in Services.MSC, which is then encrypted by your system. With Vista and IIS 7, this is encrypted. Win XP and IIS 5.1 its hidden, but easily shown to an admin of your server with MetaBase explorer.
Christopher_G_Lewis  2009-09-23 22:48:35
A: 

Full hard drive encryption sounds more appropriate. I've had good results with the free version of CompuSec from

http://www.ce-infosys.com/english/downloads/free%5Fcompusec/

wefwfwefwe  2009-09-22 14:58:11
A: 

Thanks for the answers -- I've now decided to take the easy route and put all my web files in a TrueCrypt volume that I'll mount whenever I need to work on any local web sites, together with any database data. This is definitely the safest as far as I can see.

Frederik Slijkerman  2009-09-23 19:00:22
With Vista/Win7, I've had lots of luck with BitLocker.
Christopher_G_Lewis  2009-09-23 22:49:16
That doesn't work together with Boot Camp on a Mac...
Frederik Slijkerman  2009-12-03 15:04:01

related questions

IE6 security login (debugging via VirtualPC)
Asp.net Reinstalling a DLL into the GAC
Failed to load resources from resource file.
What does an IISReset do?
How do I secure a folder used to let users upload files?
VBScript/IIS - How do I automatically set ASP.NET version for a particular website
IIS 6/COM+ hangs
Web server farms with IIS ? Basic Infos
.NET 3.5 Service Pack 1 causes 404 pages on ASP.NET Web App
What Url rewriter do you use for ASP.Net?
Publishing to IIS - Best Practices
ASP.NET Proxy Application
PHP on IIS
How do I stop IIS7 dropping my cookies?
HTTPS in IIS 5.1
Best tool for performance testing ASP.NET
Alternative Hostname for an IIS web site for internal access only
SQL Server 2008 FileStream on a Web Server
Solutions for working with multiple branches in ASP.Net
Dual vs. Quadcore on a Webserver
PHP Error - Uploading a file
Visual Studio 2008 debugger already attached work-around
Linux shell equivalent on IIS
Bandwith throttling in IIS 6 by IP Address
Checklist for IIS 6/ASP.NET Windows Authentication?