IIS Basic Authorization à la .htaccess/.htpasswd in Apache

Tags: .htaccess, authentication, htpasswd, http-basic-authentication, iis

How do I implement the protection of the pages (ASP.NET MVC app), so that when I hit the home page or any other page within the application I get a login dialog popup in the browser?

I'm looking for something similar to what Apache's .htaccess and .htpasswd are doing.

I have IIS 7.5/Windows Server 2008 R2 Web edition.

Best Answer

First of all you need to enable Basic Authentication. You can find this setting in the Authentication feature for the site in IIS Manager:

Double click on the icon then right click on Basic Authentication and select Enable:

You can also configure this directly in your web.config file (your application doesn't even have to be an ASP.NET application):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <authentication>
                <basicAuthentication enabled="true" />
            </authentication>
        </security>
    </system.webServer>
</configuration>

This will only work in the web.config provided that this feature has been delegated as Read/Write.

Out of the box you would need to create a separate Windows 2008 account for each login.

If you wanted to use a custom store (SQL Server, Membership Service) then you'd need to write your own Basic Authentication module:

Developing a Module Using .NET
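
The steps from the answer as a script, added here as an example that is not part of the original answer: it delegates the section, enables Basic Authentication, and then checks that the site really challenges for credentials. The site name, the URL and the helper name `Test-BasicChallenge` are assumptions, and the Basic Authentication role service is assumed to be installed.

```powershell
# Added example, not from the original answer. Run in an elevated PowerShell prompt on the IIS server.
Import-Module WebAdministration

$site    = 'Default Web Site'     # assumption: name of the site to protect
$url     = 'http://localhost/'    # assumption: URL that reaches that site
$appcmd  = "$env:windir\System32\inetsrv\appcmd.exe"
$authSec = 'system.webServer/security/authentication'

# 1. Only needed when the setting lives in the site's web.config, as in the answer:
#    delegate the section as Read/Write. While it is locked, a <basicAuthentication>
#    element in web.config makes IIS answer with HTTP 500.19.
& $appcmd unlock config "-section:$authSec/basicAuthentication"

# 2. Enable Basic and disable Anonymous for the site. These writes go to a <location> tag
#    in applicationHost.config, so they work without step 1. While Anonymous stays enabled
#    and is allowed to read the content, IIS serves pages without sending the 401 challenge.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $site `
    -Filter "$authSec/basicAuthentication" -Name enabled -Value $true
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $site `
    -Filter "$authSec/anonymousAuthentication" -Name enabled -Value $false

# 3. Check: a request without credentials must get 401 plus a Basic challenge.
function Test-BasicChallenge([string]$Uri) {
    $req = [System.Net.WebRequest]::Create($Uri)
    try {
        $req.GetResponse().Close()
        return $false             # answered without credentials: not protected
    } catch {
        # PowerShell may wrap the WebException; walk the chain to find it.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { return $false }
        $challenge = $ex.Response.Headers['WWW-Authenticate']
        return ([int]$ex.Response.StatusCode -eq 401) -and ($challenge -match '(^|,)\s*Basic\b')
    }
}

if (Test-BasicChallenge $url) { "OK: $url challenges for Basic credentials" }
else { Write-Warning "$url did not return a 401 Basic challenge" }
```

Basic Authentication sends the user name and password base64-encoded, not encrypted, on every request, so the site should be reachable over HTTPS only.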