How do I restrict access to certain web files/folders on an IIS 7.5 based web server?

Posted by cpuguru on Server Fault See other posts from Server Fault or by cpuguru
Published on 2010-12-14T18:07:07Z Indexed on 2012/03/22 11:31 UTC
Read the original article Hit count: 191

Filed under:
|

We're moving a website that was previously hosted on Win2k3 & IIS 6 to a Win2k8 R2 & IIS 7.5 platform.

The website is public, but we want to restrict anonymous access to certain files and folders such that the user would be prompted for a password to access them.

If this were Apache, a simple .htaccess file would serve the purpose. However, since it's IIS 7.5 and we're serving up mainly static HTML files and a few classic ASP pages I'm in a bit of a quandry as to how to restrict access to individual files and folders for various committees such that attempts to committee_1's files and/or folders would prompt the user for a password and, if entered correctly, would serve up their files. Same thing for committee_2 and so on.

Under IIS 6, we would take away the read privileges for IIS_IUSRS and create a user called "committee_1" with a password known by the group and give that user read privileges to the files/folders.

There's got to be a better (and more secure) way.

Reminder, these are not *.aspx pages that are being served up.

Any suggestions on how to password protect key files and/or folders under IIS 7.5 are much appreciated.

© Server Fault or respective owner

Related posts about permissions

Related posts about iis7.5