How do I implement the protection of the pages (asp.net mvc app), so when I hit the home page or any other pages within the application I get a login dialog popup in the browser
I'm looking for something similar to what Apache .htaccess and .htpasswd is doing.
I have IIS 7.5/Windows Server 2008 R2 Web edition.
First of all you need to enable Basic Authentication. You can find this setting in the Authentication feature for the site in IIS Manager:
Double click on the icon then right click on Basic Authentication and select Enable:
You can also configure this directly in your web.config file (your application doesn't even have to be an ASP.NET application):
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<authentication>
<basicAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
<configuration>
This will only work in the web.config provided that this feature has been delegated as Read/Write.
Out of the box you would need to create a separate Windows 2008 account for each login.
If you wanted to use a custom store (SQL Server, Membership Service) then you'd need to write your own Basic Authentication module:
In the IIS Manager in Sites->Yoursite->Authentication you can disable "Anonymous Authentication" and enable "Basic Authentication" or any HTTP 401 Challenge that's appropriate for your website.
