I'm trying to secure an MVC.NET site on IIS7.5 with basic authentication. I'd rather not setup an entire windows account for this as I don't want the user to have that much privilege. I also don't want to implement a data driven authentication solution. I just want quick way to create a user that can only gain access to the website and nothing else.
Is there a way to do this by storing the credentials in the web.config file? Or use the IIS Managed users? The managed users seem like overkill as I don't want the user to actually be able to manage the site, just gain access to view it.
Best Answer
If I remember correctly you can store the credentials for users directly in the web.config file but only when used in combination with the Forms Authentication Provider.
It really isn't recommended to store credentials like this, especially when you could easily setup the default ASP.NET Membership provider to use a local SQLCE instance.