Home / server / Questions / 272290
In Process
Dmitry
Asked: 2011-05-21 06:34:44 +0800 CST

IIS Basic Authorization ala .htaccess/.htpasswd in apache

  • 772

How do I implement the protection of the pages (asp.net mvc app), so when I hit the home page or any other pages within the application I get a login dialog popup in the browser

I'm looking for something similar to what Apache .htaccess and .htpasswd is doing.

I have IIS 7.5/Windows Server 2008 R2 Web edition.

authentication iis .htaccess http-basic-authentication htpasswd

2 Answers

  1. First of all you need to enable Basic Authentication. You can find this setting in the Authentication feature for the site in IIS Manager:

    enter image description here

    Double click on the icon then right click on Basic Authentication and select Enable:

    enter image description here

    You can also configure this directly in your web.config file (your application doesn't even have to be an ASP.NET application):

    <?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <authentication>
                <basicAuthentication enabled="true" />
            </authentication>
        </security>
    </system.webServer>
<configuration>

    This will only work in the web.config provided that this feature has been delegated as Read/Write.

    Out of the box you would need to create a separate Windows 2008 account for each login.

    If you wanted to use a custom store (SQL Server, Membership Service) then you'd need to write your own Basic Authentication module:

    Developing a Module Using .NET

    • 3

  2. In the IIS Manager in Sites->Yoursite->Authentication you can disable "Anonymous Authentication" and enable "Basic Authentication" or any HTTP 401 Challenge that's appropriate for your website.

    • 2