How can I password protect a single directory in IIS 8 under Windows Server 2012 Standard?
Example: I want to be able to access mysite.com, but when navigating to mysite.com/secured, I want to be prompted for a password for access.
Iis – Password protect single directory in IIS 8
iisiis-8windows-server-2012
Related Solutions
First off, make sure you have the authentication role features installed - basic authentication sounds like what you want. In server manager, right-click IIS, add role features, and install Basic Authentication (under security) if it's not installed already.
In the IIS manager, select a location, open the "Authentication" module, and configure as desired. Disabling Anonymous and enabling Basic is probably where you want to be - it'll be using Windows users, and access to the resources will be controlled by the NTFS permissions on those resources.
In Server 2012, go to Add Roles and Features. If you have not installed the Web Server Role, be sure to select that from the Server Roles section. When you get to the Role Services page for the Web Server Role, you will have the option to select IIS 6 Management Compatibility.
Related Topic
- How to enable Basic Authentication for IIS 8 in Windows Server 2012
- Iis – Enable IIS directory browsing for specific user or group
- Starting IIS Manager has Web Platform Prompt
- ‘Cannot get iis pickup directory’ in Windows Server 2012
- IIS Windows authentcation Unathorized due to directory permissions
- Getting 401.2 error with IIS basic authentication instead of a password prompt
Best Answer
Open your IIS manager and select the directory you want to protect.
Under the "IIS" section select "Authentication".
Disable "Anonymous Auth".
Enable the desired Auth method (usually "Basic Auth") and it will be valid for this directory only.
Add a User account.
Give that user Read, Execute, List Permissions on the directory needed, then login via the newly created user.
To log in, use the domain username and password (i.e. UN: admin@myDomain.local, PW: p@$$w0rd).
Note: You can add / remove auth methods @ Role Services window.
As an alternative you can code some auth system using serverside languages like PHP / ASP