tags:

views:

761

answers:

2
Q: 

How do I password protect IIS in a method analogous to Apache's AuthType / AuthUserFile mechanism?

I'm used to doing basic password protection for Apache w/ the following method in Apache config files:

AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /path/to/.htpasswd
Require valid-user

However, I've been asked to put some protection on a subdirectory of a site running ColdFusion on top of IIS6, and I'm unfamiliar with how to do this. How is this done? What should I look out for? I just need to password protect an administrative subdirectory, so I don't need a full user login system - just something that limits who can access the section of the site.

+1  A: 

You can go into IIS 6 and the properties for your website's folder you want to protect. Click directory security tab and uncheck allow anonymous. Then you need to choose an authntication type. If its over SSL you can use basic, otherwise use another type. But since you mention basic, this may suffice regardless. Keep in mind basic auth will send password in plain text. Thsi will ask for a windows login in order to access that folder. You can create a limited wondows account for this purpose, reagrdless if its on the domain or local.One more thing, wether you use an existing account or create a new account make sure this folder has at least read permission to the folder and its sub folders.

mattlant  2008-09-29 22:08:36
A: 

I believe you're looking for IISPassword from Parker Software.

Grant Wagner  2008-09-29 22:09:04
getting a 404 error on that link
widgisoft  2010-05-24 16:24:56

related questions

How do I add a MIME type to .htaccess?
Difference between the Apache HTTP Server and Apache Tomcat?
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Cleanest & Fastest server setup for Django
Installing Apache Web Server on 64 Bit Mac
Running Apache alongside another web server?
Algorithm behind MD5Crypt
Can you compile Apache HTTP Server and redeploy its binaries to a different location ?
mod_rewrite rule to redirect all requests except for one specific path
How do I create a self signed SSL certificate to use while testing a web app.
Software for Webserver Log Analysis?
What is the difference between an endpoint, a service, and a port when working with webservices?
What are the proper permissions for an upload folder with PHP/Apache?
mod_rewrite to alias one file suffix type to another
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
User authentication on Resin webserver
How do you set up Python scripts to work in Apache 2.0?
Block user access to internals of a site using HTTP_REFERER
.htaccess directives to *not* redirect certain URLs
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP