https--use user credentials to search, stored credentials to index

greenwoodc · Post by **greenwoodc** » Tue Jul 31, 2007 4:17 pm

What is the proper way to set up a search on a secure site?

We have lots of sensitive information on a secure web site. I want the people who have credentials for the site to see search results, and anyone else who stumbles upon the search page to either be unable to get to the search, or at the very least be unable to see the results.

Indexing and searching is going fine--I just want to limit access to search results.

Thanks for your help!
Cathi

PS. Additional info that may help explain the problem. We are using the free version. One profile indexes and searches our http public site. I'm working on a second profile to index and search the part that's https.

Post by **John** » Tue Jul 31, 2007 5:16 pm

How is the site secured? You may be able to secure the search in the same manner. E.g. if you are using IIS and integrated authentication then the texis virtual directory can be made unavailable to the anonymous user.

greenwoodc · Post by **greenwoodc** » Tue Jul 31, 2007 5:58 pm

Yes, it's IIS. Would that require one virtual directory for the public site (OK for anonymous users) and one directory for the private site?

Does that mean two different installations or not? When setting up the second profile, it asks for a new location for the database. Can the security be set at that level?

It just seems messy to have to do two separate installations to search a private site and a public site. Is there any way to set the security at the profile level?

Post by **John** » Fri Aug 03, 2007 12:23 pm

You could set it up at the profile level by editing the script, although you would need to find out what headers IIS lets you see to indicate that the user was authenticated.