views:

761

answers:

2

I'm used to doing basic password protection for Apache w/ the following method in Apache config files:

AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /path/to/.htpasswd
Require valid-user

However, I've been asked to put some protection on a subdirectory of a site running ColdFusion on top of IIS6, and I'm unfamiliar with how to do this. How is this done? What should I look out for? I just need to password protect an administrative subdirectory, so I don't need a full user login system - just something that limits who can access the section of the site.

+1  A: 

You can go into IIS 6 and the properties for your website's folder you want to protect. Click directory security tab and uncheck allow anonymous. Then you need to choose an authntication type. If its over SSL you can use basic, otherwise use another type. But since you mention basic, this may suffice regardless. Keep in mind basic auth will send password in plain text. Thsi will ask for a windows login in order to access that folder. You can create a limited wondows account for this purpose, reagrdless if its on the domain or local.One more thing, wether you use an existing account or create a new account make sure this folder has at least read permission to the folder and its sub folders.

mattlant
A: 

I believe you're looking for IISPassword from Parker Software.

Grant Wagner
getting a 404 error on that link
widgisoft