[Zope] Zope and IIS

Brian Takashi Hooper brian@garage.co.jp
Thu, 10 Feb 2000 10:12:14 +0900


Hi there James -

I have done my share of struggling with this kind of configuration...
here's a few ideas to try:

On Wed, 09 Feb 2000 12:35:14 -0500
"James W. Howe" <jwh@allencreek.com> wrote:

> I'm trying to get my Zope installation to work with IIS.  I've read various 
> items from the mailing lists and I've read the how-to's and I still can't 
> get it to work correctly.  The closest I've come is getting the Zope 
> welcome screen.  I've never been able to see any contents of my site.
> 
> I think I've followed the process correctly.
> 
> 1. I have a zope.pcgi file in my IIS scripts directory.
The .pcgi file needs to have a setting for the PCGI port set - on NT
PCGI happens over inet sockets.

> 2. I have the pcgi-wrapper.exe file in this directory as well.
> 3. I've configured IIS to have a mapping between .pcgi and pcgi-wrapper.exe
OK, good.

> 4. I've reconfigured my zope startup to include a -p 
> c:\inetpub\scripts\zope.pcgi parameter
I usually just put a copy of the same zope.pcgi file in Zope's home
directory to avoid having to put the path; I don't know if this is
necessary or not.

> 5. I've modified by access file to just be of the following format:
> 
>      <domain>/<userid>:
> 
> The domain is uppercase and the userid is how it was defined in the user 
> manager.
I don't believe it should be necessary to change the access file.
The idea is to get Zope to handle the authentication, not IIS.

> 6. I've set the permissions on the zope.pcgi file to disable anonymous but 
> activated basic and challenge/response.
Actually, it should be the opposite, I think.
Enable anonymous access.
Disable both basic and challenge/response.

It is (in my experience) also necessary to turn off custom error pages
for 404 errors.

> 7. I've restarted Zope and IIS (several times)
> 
> When I try to use access my site with http://foo.com/scripts/zope.pcgi I am 
> prompted for a password, but I never authenticate.  I eventually get a "You 
> are not authorized to access this resource" traceback page (fails at line 
> 551 in HTTPResponse.py)
> 
> What am I missing?  How can I debug this configuration?
> 
> Assuming that I can make this work, I have a couple other configuration 
> questions:
> 
> 1. Is there a way to make a particular folder in Zope the default page for 
> my web site?  I want people to be able to go to http://foo.com and have 
> that really access something like http://foo.com/RootName/StartingPoint.
I think Evan Simpson's Site Access product would allow you to do this.

> 
> 2. How do you configure access to this site?  I want to provide my customer 
> with limited access to particular folders.  Do they need to have an account 
> in the NT Domain on which the server is running?  If I want anybody to be 
> able to access certain portions of the site for viewing only how do I 
> configure Zope and IIS?  In other words, I want to have one or more users 
> with some sort of content control capability, but everyone else just sees a 
> web site (no folders, no knowledge that this is Zope).  I'm pretty sure I 
> know how to do this if I just use ZServer, but I'm not sure what I need to 
> do to configure this for IIS.
Again, IIS is just passing along the authentication info to Zope, which
is handling the actual authentication, so you shouldn't have to worry
about NT Domains or Users or anything like that.  Although, if you want
to use NT Users for authentication, I believe there are a few
contributed Products on Zope.org which let you do this, as well.

So, basically the way of setting up security is just the same way that
you would set things up using ZServer / Zope without IIS.

My own procedure for setting up IIS and Zope is at 
http://www.zope.org/Members/brianh/iis_howto

Hope this helps,

Brian Hooper