IIS on Windows 2012 R2
A website has a number of directories and in one of those directories is restricted-page.html to which I want to restrict access to all except a particular windows user.
The rest of the site is to be freely browsable by anybody.
Following instructions at https://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config I expected that putting the following web.config into the directory containing restricted-page.html would work.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<location path="restricted-page.html">
<system.web>
<authentication mode="Windows"/>
<authorization>
<allow users="windows-domain\account-name"/>
<deny users="*"/> // deny others
</authorization>
</system.web>
</location>
<location path="*">
<system.web>
<authentication mode="Windows"/>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
However, users can't browse into the containing directory without requiring authentication.
Could anyone advise?
Best Answer
Solution was as Broco says above and much easier than I'd supposed.
Disable Anonymous Authentication for the site in IIS
Enable Windows Authentication
Then use file permissions.
step by step with screenshots