Securing Web Access in IIS

[zavarka]

Hi Daminion Team,

 

Could you please recommend a way to secure the IIS website created for Web Access? I'm using Daminion Home Server and don't want everyone on my home WiFi network to see the local Daminion web site. To clarify, this is not about creating users for the catalog or setting up authorization profiles within Daminion. This is about securing the IIS site itself.

 

I tried tinkering with the IIS settings and could enable Windows Authentication at the "Default Web Site" level, but this breaks Daminion web access, even though I'm able to open the default IIS page with my Windows credentials.

 

Thanks in advance for sharing your expertise!

[Alexius]

Daminion Home Server does not support restricted access. You can access to Daminion Server Home using desktop client without password. Same behavior in the web client.

[zavarka]

Thank you for your response. You want to limit the multiple user functionality to Daminion Team Server customers, and this is perfectly clear and reasonable. However, your Home and Professional Server customers who don't collaborate in a team environment still need to protect their photo library. Currently the anonymous user is a full admin, and under this setup anyone on the net can view/edit/delete Daminion assets as long as they know the Web Access URL. I would really like to have the same user logon experience with my Home Server as the Team Server offers, with a single password-protected account rather than the anonymous account. Could you please consider adding this feature?

 

Thanks in advance!

[SebastianKowalski]

Daminion Home Server does not support restricted access. You can access to Daminion Server Home using desktop client without password. Same behavior in the web client.

Actually, this raises a significant security issue, especially when working in modern home network environments.

 

Both, shared catalogs in the database as well as the files residing in folders accessible by the windows server are reasonable protected. As you state, and as I (and probably many other home server users) experienced, anybody having a network connection to the network the home server resides on can access and modify assets and their metadata on server based catalogs.

 

I fully understand, home server and team server need to differentiate from a functionality point of view to also justify the significantly differing licensing cost. This however shall not lead to violating the most basic security principles of server based applications - even for a home environment.

 

Not sure whether home server pro is affected by this as well as the demo version always runs as a team server and I only own a home server license. For home server pro such an issue would be even more significant, as assests I use for business I even have to protect against unaouthorized access.

 

At least I would be very grateful, if Daminion rethinks the concept you state and provides measures to protect the access to assest made available via the server not only for the team server but also for the home server.

 

Many thanks in advance!