Forgive my lack of IIS experience, but I have a user on a hosted server running IIS with Plesk. He uses protected folders, and I'm looking for a way to:
- Allow him to protect folders using a simple username/password combo
- Whitelist a static IP so the folder can always be accessed without auth from that server
It doesn't have to—and preferably wouldn't be—a Plesk-only solution. If there's a way to do it through web.config that would be even better.
I'm basically looking for the IIS equivalent of an Apache htaccess/htpasswd auth :)
Thanks!
There may be another way, but simply you can
- create a local user under Windows,
- add them to a local user group,
- remove anonymous access to the folder containing the web site and
- change file permissions to only allow access to members of the local user group
For the IP whitelist, there doesn't appear to be a way to override basic auth by IP address.
Its a bit of a kludge, but you could point a separate virtual site to the same directory and lock it down to nothing other than the local IP. Perhaps use host header to select the new site
I believe that's the tool you're looking for, @Aksival: http://www.iistools.com/en/iispassword.html
I'm not sure if it'll provide a whitelist for a static ip (I think not), but it definitely allows you to setup authentication for specific directories served by IIS.