0

I'd like to have a website authenticated with basic auth, but then also allow the website to access itself locally. That is, I want to allow unauthenticated access only from localhost.

In IIS I have only basic authentication enabled (not worrying about SSL for now), and I have the correct file system permissions such that outside users can login successfully and view the website.

I have tried setting IIS_IUSR as owner of the directory, and added IUSR with modify permissions, however I'm still getting a 401 error when the website tries to access itself.

Anyone have any idea how to get this to work?

George
  • 103
  • 4

1 Answers1

1

Setup another site that is pointed to the same content directory. Enable a couple things

1) only allow connections from 127.0.0.1 2) Use a location tag in the applicationHost.config enabling anonymous. If you don't have any of the security providers config'd in the web.config, that'd be the best, then you can control the authentication providers within applicationhost.config
3) use a local hosts file with a dummy name in the bindings or update the bindings ip address to be 127.0.0.1 or pick something like 127.0.0.10

Steve Schofield
  • 429
  • 2
  • 4