A Process Library website is hosted through Internet Information Services (IIS), Microsoft Windows' web serving platform. The whole or parts of a Process Library can be secured using standard IIS techniques. The methods that we commonly use will be the subject of this article, but implementing security needn't be restricted to these.
Which methods are implemented will depend on factors such as whether the server is to be accessible to clients outside its domain.
Anonymous authentication usually means that access to a Process Library website isn't restricted. However, multiple Process Libraries can be isolated while still using Anonymous authentication. If each Process Library is associated with a dedicated IIS site, each such site and its dedicated application pool could be linked to a different, low-privileged account: the application pool's Application Pool Identity account. Permissions for that library's resources would be granted to the appropriate Application Pool Identity account, but not to the accounts associated with other libraries.
On this server, there are two Process Libraries: ProLibrary1 and ProLibrary2.
Addresses of these libraries would be of the form:
The security methods used would mean that trying to access a process library through the wrong site would fail.
This method of isolation is probably most applicable to Process Libraries that are meant to be accessible from outside of the domain in which the server resides, as Windows authentication is likely to be simpler and more secure within a domain.
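One way to script the per-library isolation described above, as an added example that is not part of the original article or Triaster's own tooling. The pool names, host names, port and folder paths are assumptions; substitute the values used on your server.

```powershell
# Added example. Pool names, host names and D:\Libraries\... paths are placeholders.
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$libraries = @(
    @{ Site = 'ProLibrary1'; Path = 'D:\Libraries\ProLibrary1'; HostName = 'prolibrary1.example.test' },
    @{ Site = 'ProLibrary2'; Path = 'D:\Libraries\ProLibrary2'; HostName = 'prolibrary2.example.test' }
)
$anon = '/system.webServer/security/authentication/anonymousAuthentication'

foreach ($lib in $libraries) {
    $pool        = "$($lib.Site)Pool"       # hypothetical naming convention
    $poolAccount = "IIS AppPool\$pool"      # virtual account created for the pool

    # Dedicated application pool running as its own Application Pool Identity.
    if (-not (Test-Path "IIS:\AppPools\$pool")) { New-WebAppPool -Name $pool | Out-Null }
    Set-ItemProperty "IIS:\AppPools\$pool" -Name processModel.identityType `
        -Value ApplicationPoolIdentity

    # Dedicated site bound to that pool only.
    if (-not (Test-Path "IIS:\Sites\$($lib.Site)")) {
        New-Website -Name $lib.Site -PhysicalPath $lib.Path -ApplicationPool $pool `
            -Port 80 -HostHeader $lib.HostName | Out-Null
    }

    # An empty userName makes anonymous requests run as the pool identity
    # instead of the IUSR account that every site shares by default.
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $lib.Site -Filter $anon `
        -Name enabled -Value $true
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $lib.Site -Filter $anon `
        -Name userName -Value ''

    # Drop inherited ACEs (they often include broad groups such as Users) and
    # grant read/execute to this library's pool identity only. Re-add any
    # publishing or service accounts your installation needs before relying on this.
    icacls $lib.Path /inheritance:r /grant:r `
        'BUILTIN\Administrators:(OI)(CI)F' `
        'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
        "${poolAccount}:(OI)(CI)RX" | Out-Null

    # Review the result: the other library's pool account must not appear.
    icacls $lib.Path
}
```

Because each folder's ACL names only its own pool account, a request that reaches ProLibrary1's content through ProLibrary2's site runs as the wrong identity and is denied by NTFS.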
It can be an irritation to have to log on to access a website, so this method of authentication would be employed if there isn't an obvious alternative. It could be applied to specific parts of a website, restricting access to some content, whereas the majority of the library may be generally accessible.
Authentication is transparent, so a user isn't challenged if he or she has suitable permissions.
Authentication methods work in conjunction with file permissions to implement security. File permissions are described in an article on our Knowledge Base: 'Triaster Server 2011 - Folder and File Permissions'.
IP address restrictions can be applied in addition to these authentication methods. This technique is commonly used to restrict access to an 'allowed' list of addresses. Any requests associated with other IP addresses would be denied.
These configurations can be made at any level in the tree: at server level, site level, library level, etc., enabling granular application of security.
This has been an overview of some of the techniques that we have used to secure Process Libraries. Perhaps the main points of emphasis are: