17

How can I password protect a single directory in IIS 8 under Windows Server 2012 Standard?

Example: I want to be able to access mysite.com, but when navigating to mysite.com/secured, I want to be prompted for a password for access.

Jake
  • 602
  • 1
  • 9
  • 16

1 Answers1

18
  • Open your IIS manager and select the directory you want to protect.

  • Under the "IIS" section select "Authentication".

  • Disable "Anonymous Auth".

  • Enable the desired Auth method (usually "Basic Auth") and it will be valid for this directory only.

  • Add a User account.

    • Left click directory in IIS, Edit Permissions..., Security, Edit, Add, enter a user from your Active Directory
  • Give that user Read, Execute, List Permissions on the directory needed, then login via the newly created user.

    • left click newly added user and check Allow for Full control
  • To log in, use the domain username and password (i.e. UN: admin@myDomain.local, PW: p@$$w0rd).

    Note: You can add / remove auth methods @ Role Services window.


As an alternative you can code some auth system using serverside languages like PHP / ASP

xinthose
  • 135
  • 1
  • 10
Solrac
  • 448
  • 4
  • 13
  • 1
    Thanks, Solarac. Being new to IIS, I had not noticed that you could select a directory as well and then change the settings. I guess I was having trouble finding it because it was too obvious, and I am used to .htaccess files. Thanks again! – Jake Sep 18 '14 at 15:47
  • 3
    If 'Basic Auth' is not available in the list, you will need to install it first using Server Manager Add Role and Features. – Rosdi Aug 12 '15 at 15:03
  • 4
    What does "add a user account" mean? A windows account? – Chris Smith Jun 16 '17 at 23:35
  • Yes @ChrisSmith, this is a **Windows User Account**. You can manage them by right-clicking on the "*Start*" button, then "*Computer Management*", then "*Users and Groups*". – AlexLaforge Oct 13 '21 at 23:57