Password protecting directories in IIS

Password protection is achieved in IIS by removing anonymous user access to a directory. There are two ways to accomplish this.

The first is manual password protection. Add following into the web.config file in the directory that you wish to protect:

<configuration>
  <system.webServer>
    <security>
      <authorization>
        <add accessType="Deny" users="?" />
      </authorization>
    </security>
  </system.webServer>
</configuration>

To allow additional users to access the site, you must grant the user access in the Permission manager of the DiscountASP.NET Control Panel.

The second method is to use the IIS Manager. IIS Manager runs on your computer and is used to do certain maintenance and configuration tasks in IIS. We recommended that IIS Manager be used by experienced developers only.

Add the primary user to the allowed IIS Admin user list in the DiscountASP.NET Control Panel (IIS Tools)
Connect to the site
Go to the directory you want to password protect in the left pane
Double click "Authorization Rules" in the right pane
Click "Add Deny Rule"
In the pop up box, select "All anonymous users"
Click "OK"
Note that this action will add some entries into your web.config file

Article ID: 398, Created: 11/24/2008 at 7:24 PM, Modified: 12/27/2016 at 11:38 AM

Password protecting directories in IIS

Was this article helpful?

Share this article