https--use user credentials to search, stored credentials to index

Post Reply
greenwoodc
Posts: 4
Joined: Fri Jul 27, 2007 2:43 pm

https--use user credentials to search, stored credentials to index

Post by greenwoodc »

What is the proper way to set up a search on a secure site?

We have lots of sensitive information on a secure web site. I want the people who have credentials for the site to see search results, and anyone else who stumbles upon the search page to either be unable to get to the search, or at the very least be unable to see the results.

Indexing and searching is going fine--I just want to limit access to search results.

Thanks for your help!
Cathi

PS. Additional info that may help explain the problem. We are using the free version. One profile indexes and searches our http public site. I'm working on a second profile to index and search the part that's https.
User avatar
John
Site Admin
Posts: 2622
Joined: Mon Apr 24, 2000 3:18 pm
Location: Cleveland, OH
Contact:

https--use user credentials to search, stored credentials to index

Post by John »

How is the site secured? You may be able to secure the search in the same manner. E.g. if you are using IIS and integrated authentication then the texis virtual directory can be made unavailable to the anonymous user.
John Turnbull
Thunderstone Software
greenwoodc
Posts: 4
Joined: Fri Jul 27, 2007 2:43 pm

https--use user credentials to search, stored credentials to index

Post by greenwoodc »

Yes, it's IIS. Would that require one virtual directory for the public site (OK for anonymous users) and one directory for the private site?

Does that mean two different installations or not? When setting up the second profile, it asks for a new location for the database. Can the security be set at that level?

It just seems messy to have to do two separate installations to search a private site and a public site. Is there any way to set the security at the profile level?
User avatar
John
Site Admin
Posts: 2622
Joined: Mon Apr 24, 2000 3:18 pm
Location: Cleveland, OH
Contact:

https--use user credentials to search, stored credentials to index

Post by John »

You could set it up at the profile level by editing the script, although you would need to find out what headers IIS lets you see to indicate that the user was authenticated.
John Turnbull
Thunderstone Software
Post Reply