简体繁体中英

Best way to password-protect folders on IIS

原文 2023-01-14 17:33:14 9 1 authentication/ iis/ directory/ protected

What is the best way to password-protect a folder on IIS with a single set of credentials to be shared by a group of users?

Our hosting service offers Plesk, which in turn offers a "password-protected directory" function, but some of our clients have HTTP authorization disabled, so they get an automatic 401.4 error with no prompt for credentials.

I've looked into Forms authentication but this seems cumbersome to set up for the numerous separate domains at issue.

The protected content is not super sensitive, we just don't want it easily accessible to the public. Many of our users do not use the site frequently and we don't want to implement individual credentialing for everyone (we do have that in place for more sensitive sections) just so they can view current project reports or meeting minutes.

On sites I don't control, but am just a user, that do the same things as mine, it is a big pain to have to look up a username and password twice per year just to view a meeting agenda (yes, browser could remember but they also have a 4-month expiration and lots of us are on different devices all the time).

Is Forms authentication the way to go? Took a several hours for me to get it set up and working, with all sorts of settings not well documented in a single place.

(I had previously asked about how to disable Basic Auth on the client side, was told more than once it's not possible - but it is, via client/browser registry keys)

Thanks.

1 answers

It's perfectly fine to use forms authentication. All you need to do is navigate to the folder or file you want to protect, then go to Authorization Rules. Add a deny rule for anonymous users, when users who are not logged in try to click on any file in that folder, they will be redirected to your login page. You can find a lot of guides on forms authentication in Google, you can refer to the following:

https://learn.microsoft.com/zh-CN/troubleshoot/developer/webapps/as.net/development/forms-based-authentication

https://learn.microsoft.com/en-us/iis/application-frameworks/building-and-running-as.net-applications/how-to-take-advantage-of-the-iis-integrated-pipeline

Password protect ASP.net site in IIS 7

Easiest way to password protect entire YII site?

What is the best way to protect a PHP page?

PHP cURL “CURLOPT_USERPWD” or best way to protect the API?

How do I password protect IIS in a method analogous to Apache's AuthType / AuthUserFile mechanism?

Password protect html page

password protect prometheus access

Yii, best way to implement “user change of password”

What is the best way to pass security token to non IIS services

Password protect Laravel subfolder with htaccess

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Password protect ASP.net site in IIS 7 Easiest way to password protect entire YII site? What is the best way to protect a PHP page? PHP cURL “CURLOPT_USERPWD” or best way to protect the API? How do I password protect IIS in a method analogous to Apache's AuthType / AuthUserFile mechanism? Password protect html page password protect prometheus access Yii, best way to implement “user change of password” What is the best way to pass security token to non IIS services Password protect Laravel subfolder with htaccess

Related Tags

Best way to password-protect folders on IIS

Question

1 answers

solution1 0 2023-01-15 09:35:11

solution1
0 2023-01-15 09:35:11