How do I restrict access to certain web files/folders on an IIS 7.5 based web server?
Posted
by
cpuguru
on Server Fault
See other posts from Server Fault
or by cpuguru
Published on 2010-12-14T18:07:07Z
Indexed on
2012/03/22
11:31 UTC
Read the original article
Hit count: 191
permissions
|iis7.5
We're moving a website that was previously hosted on Win2k3 & IIS 6 to a Win2k8 R2 & IIS 7.5 platform.
The website is public, but we want to restrict anonymous access to certain files and folders such that the user would be prompted for a password to access them.
If this were Apache, a simple .htaccess file would serve the purpose. However, since it's IIS 7.5 and we're serving up mainly static HTML files and a few classic ASP pages I'm in a bit of a quandry as to how to restrict access to individual files and folders for various committees such that attempts to committee_1's files and/or folders would prompt the user for a password and, if entered correctly, would serve up their files. Same thing for committee_2 and so on.
Under IIS 6, we would take away the read privileges for IIS_IUSRS and create a user called "committee_1" with a password known by the group and give that user read privileges to the files/folders.
There's got to be a better (and more secure) way.
Reminder, these are not *.aspx pages that are being served up.
Any suggestions on how to password protect key files and/or folders under IIS 7.5 are much appreciated.
© Server Fault or respective owner