IIS 7.0 Basic Authentication (Webserver security)
While working on my friends website, I was asked to provide some sort for Authorization feature for his personal video and picture directory/web-page. So while looking into IIS 7 feature list I decided to use "Basic Authentication" feature to provide a very simple authorization mechanism.
Basic authentication basically prompts the user to enter a valid user name and password to access content. This authentication system seems to be working on all major browsers and also seems to be working behind firewalls and proxy servers. These obvious reasons made it a good choice to restrict access to some, but not all, content on a server. However, the disadvantage of this authentication feature is that it transmits unencrypted passwords across the network!!
* Before we go into the typical setup we need to make sure the Basic Authentication is enabled on IIS. To install Basic Authentication we need to goto "Windows Features On/OFF" in Control Panel and manually enable it.
* To create a Authenticated account of the server goto Control Panel -> Administrative Tools - > Computer Management -> Local Users and Groups -> Users and right click and create a "New User".
* Once the new account is created, we need to give permission to the specific web folder to this particular user. So goto the web folder and right click and "properties" and navigate to Security Tab and Edit Permissions and then click "Add" users. In the popup window enter the new user name and click "Check names" to auto populate the user name.
* Now Open up IIS 7 and drill down to the web folder that requires the authentication. In the folder feature window, open the Authentication feature and enable the Basic Authentication feature as show in the screen shot below.
Walla...That's it. The web directory would now be prompted for UserName and Password.
<< Home