I want to create a download link to a file on my HTTP server (IIS 7.5), for a one time secure download purpose. I don't want the file to be publicly available, the receiver must authenticate.
When user visits the link:
https://www.mydomain.com/download/receiver/file.zip
I want the auth prompt to popup, if the user authenticates, then download should start.
I don't want to create a Windows user account for every file/receiver, that is, as I understand, required for Basic authentication to work. Creating IIS User is acceptable. But I can't seem to find a way to enable IIS Manager Authentication for a certain file or folder, web application, or even a completely new dedicated website.
(FTP is not an option for several reasons.)
Best Answer
This describes a way to do what you ask, although it requires manually editing web.config and changing security permissions on it:
http://blogs.msdn.com/b/carlosag/archive/2008/09/26/using-iis-manager-users-in-your-application.aspx
You might also consider http://www.helicontech.com/ape/ which enables the Apache .htpasswd style authentication, but it isn't free.
What is your objection to creating Windows accounts for this? Perhaps there's a way around your concerns with that, as it would be an easy way to accomplish what you want without adding extras into IIS.