R – IIS7 Simple http authentication

iis-7passwords

I've seen this question before but can't find a good answer for it.

I have an ASP.NET website using FormsAuthentication, it has some anonymous and protected parts. Now I publish this on a development machine connected to the Internet, I only want testers to have access to this website. So outsiders cannot see anything of the website, not even the formsauth login screen.

What I want is like a .htaccess popup that asks for a username/password, how can I accomplish this?

Best Answer

Install Helicon Ape free and put .htacces and .htpasswd files in the root of the site you are trying to protect.

Related Solutions

Xml – IIS7: HTTP->HTTPS Cleanly

I think the cleanest way is as described here on IIS-aid.com. It's web.config only and so if you change server you don't have to remember all the steps you went through with the 403.4 custom error page or other special permissions, it just works.

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="HTTP to HTTPS redirect" stopProcessing="true">
          <match url="(.*)" />
            <conditions>
              <add input="{HTTPS}" pattern="off" ignoreCase="true" />
            </conditions>
            <action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

IIS7 and Authentication problems

IIS7 integrated mode does not support the two phase authentication that IIS6 does. Basically, IIS6 would perform its authentication (windows), followed by asp.net performing its authentication (forms). But with IIS7, everything is equal in integrated mode, so you can only have one or the other authentication methods.

You can either convert the app pool to use classic mode or follow this workaround to get it working with Integrated mode.

Best Answer

Related Solutions

Xml – IIS7: HTTP->HTTPS Cleanly

IIS7 and Authentication problems

Related Topic