Password protecting directories in IIS

Winhost > IIS Manager
In IIS, password protection is achieved by removing anonymous user access to a directory or file. This can be achieved in two ways. You can add the Deny rule to the Anonymous User directly to your applications web.config file, or go through the steps in IIS Manager.
 
To manually add the rules in your applications web.config file, add this line under the <system.webServer> section:
 
        <security>
            <authorization>
                <add accessType="Deny" users="?" />
            </authorization>
        </security>
 
To password protect a specific file, add the 'location path' element within your security rules:
 
    <location path="index.htm">
        <system.webServer>
            <security>
                <authorization>
                    <add accessType="Deny" users="?" />
                </authorization>
            </security>
        </system.webServer>
    </location>
 
The alternative to hard coding your web.config file is to use IIS Manager. Refer to Using the Microsoft IIS Manager for instructions on configuring IIS Manager to connect to Winhost web servers. We recommended that the IIS Manager only be used only by experienced developers.
  • Connect to your site
  • Go to the directory you want to password protect in the left pane
  • Double click the Authorization Rules icon in the main window
  • Click Add Deny Rule
  • In the pop up dialogue box, select All anonymous users
  • Click OK
  • This action will add some entries into your web.config file
Note: Since the rule is written to your application's web.config file, if you upload a new web.config file, the rules may be overwritten.
Article ID: 671, , Modified: 3/11/2016 at 3:34 PM

Was this article helpful?

Share this article
Bluesky
Facebook
Threads
X / Twitter
Other Social Networks
Print