Hi there James - I have done my share of struggling with this kind of configuration... here's a few ideas to try: On Wed, 09 Feb 2000 12:35:14 -0500 "James W. Howe" <jwh@allencreek.com> wrote:
I'm trying to get my Zope installation to work with IIS. I've read various items from the mailing lists and I've read the how-to's and I still can't get it to work correctly. The closest I've come is getting the Zope welcome screen. I've never been able to see any contents of my site.
I think I've followed the process correctly.
1. I have a zope.pcgi file in my IIS scripts directory. The .pcgi file needs to have a setting for the PCGI port set - on NT PCGI happens over inet sockets.
2. I have the pcgi-wrapper.exe file in this directory as well. 3. I've configured IIS to have a mapping between .pcgi and pcgi-wrapper.exe OK, good.
4. I've reconfigured my zope startup to include a -p c:\inetpub\scripts\zope.pcgi parameter I usually just put a copy of the same zope.pcgi file in Zope's home directory to avoid having to put the path; I don't know if this is necessary or not.
5. I've modified by access file to just be of the following format:
<domain>/<userid>:
The domain is uppercase and the userid is how it was defined in the user manager. I don't believe it should be necessary to change the access file. The idea is to get Zope to handle the authentication, not IIS.
6. I've set the permissions on the zope.pcgi file to disable anonymous but activated basic and challenge/response. Actually, it should be the opposite, I think. Enable anonymous access. Disable both basic and challenge/response.
It is (in my experience) also necessary to turn off custom error pages for 404 errors.
7. I've restarted Zope and IIS (several times)
When I try to use access my site with http://foo.com/scripts/zope.pcgi I am prompted for a password, but I never authenticate. I eventually get a "You are not authorized to access this resource" traceback page (fails at line 551 in HTTPResponse.py)
What am I missing? How can I debug this configuration?
Assuming that I can make this work, I have a couple other configuration questions:
1. Is there a way to make a particular folder in Zope the default page for my web site? I want people to be able to go to http://foo.com and have that really access something like http://foo.com/RootName/StartingPoint. I think Evan Simpson's Site Access product would allow you to do this.
2. How do you configure access to this site? I want to provide my customer with limited access to particular folders. Do they need to have an account in the NT Domain on which the server is running? If I want anybody to be able to access certain portions of the site for viewing only how do I configure Zope and IIS? In other words, I want to have one or more users with some sort of content control capability, but everyone else just sees a web site (no folders, no knowledge that this is Zope). I'm pretty sure I know how to do this if I just use ZServer, but I'm not sure what I need to do to configure this for IIS.
Again, IIS is just passing along the authentication info to Zope, which is handling the actual authentication, so you shouldn't have to worry about NT Domains or Users or anything like that. Although, if you want to use NT Users for authentication, I believe there are a few contributed Products on Zope.org which let you do this, as well. So, basically the way of setting up security is just the same way that you would set things up using ZServer / Zope without IIS. My own procedure for setting up IIS and Zope is at http://www.zope.org/Members/brianh/iis_howto Hope this helps, Brian Hooper