5

Forgive my lack of IIS experience, but I have a user on a hosted server running IIS with Plesk. He uses protected folders, and I'm looking for a way to:

  1. Allow him to protect folders using a simple username/password combo
  2. Whitelist a static IP so the folder can always be accessed without auth from that server

It doesn't have to—and preferably wouldn't be—a Plesk-only solution. If there's a way to do it through web.config that would be even better.

I'm basically looking for the IIS equivalent of an Apache htaccess/htpasswd auth :)

Thanks!

Aksival
  • 151
  • 4
  • BTW, whic version of Windows server/IIS is this? – uSlackr Mar 01 '12 at 14:00
  • Off the top of my head, I'm not sure, but I was hoping for a solution that would be generic enough to suggest to other IIS users who may have the same problem. I'm beginning to think there's no silver bullet for this one. – Aksival Mar 01 '12 at 19:01

2 Answers2

2

There may be another way, but simply you can
- create a local user under Windows,
- add them to a local user group,
- remove anonymous access to the folder containing the web site and
- change file permissions to only allow access to members of the local user group

For the IP whitelist, there doesn't appear to be a way to override basic auth by IP address.

Its a bit of a kludge, but you could point a separate virtual site to the same directory and lock it down to nothing other than the local IP. Perhaps use host header to select the new site

uSlackr
  • 6,337
  • 21
  • 36
0

I believe that's the tool you're looking for, @Aksival: http://www.iistools.com/en/iispassword.html

I'm not sure if it'll provide a whitelist for a static ip (I think not), but it definitely allows you to setup authentication for specific directories served by IIS.

Luis Fernando Alen
  • 540
  • 1
  • 5
  • 11
  • The whitelisting is critical, as the user can already protect folders through his Plesk interface. – Aksival Mar 01 '12 at 00:31