Password-Protect an IIS 7 Site: Difference between revisions
Latest revision as of 02:53, 9 February 2013
Configuration
1) Add Authorization Rule
- IIS Manager > Sites > my_site > IIS > Authorization Rules
- Add Allow Rule...
- Select Specified Users
- Add the names of the user accounts that can access the site.
- Click OK to save.
Alternatively, update Web.config:
<system.webServer>
  <security>
    <authorization>
      <!-- Drop the inherited rule that allows all users -->
      <remove users="*" roles="" verbs="" />
      <!-- Allow only the named account -->
      <add accessType="Allow" users="damien" roles="" />
    </authorization>
  </security>
</system.webServer>
TODO: Figure out how to enable all Windows accounts, or all accounts within a "web users" group or something.
ALSO: Figure out as an alternative ".NET Forms Authentication"
2) Configure Windows Authentication in IIS Manager
- IIS Manager > Server > Sites > the website to be password-protected > Authentication
- Anonymous Authentication > Enabled
- Windows Authentication > Enabled (Response Type: HTTP 401 Challenge)
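Steps 1 and 2 can also be applied and then checked from PowerShell. This is an added example, not part of the original wiki page; it assumes the WebAdministration module is available, an elevated session, and the page's placeholder site `my_site` and user `damien`.

```powershell
# Added example: site and user names are the page's placeholders.
Import-Module WebAdministration

$site     = 'my_site'
$user     = 'damien'
$sitePath = "IIS:\Sites\$site"
$authz    = '/system.webServer/security/authorization'
$authn    = '/system.webServer/security/authentication'
$schemes  = 'anonymousAuthentication', 'windowsAuthentication'

# Step 1: remove the inherited allow-everyone rule at site level
# (this writes the <remove users="*" .../> element into the site's Web.config).
if (Get-WebConfiguration -PSPath $sitePath -Filter "$authz/add[@users='*']") {
    Remove-WebConfigurationProperty -PSPath $sitePath -Filter $authz -Name '.' `
        -AtElement @{ users = '*'; roles = ''; verbs = '' }
}

# Step 1, continued: add the allow rule only if it is not already present.
if (-not (Get-WebConfiguration -PSPath $sitePath -Filter "$authz/add[@users='$user']")) {
    Add-WebConfiguration -PSPath $sitePath -Filter $authz `
        -Value @{ accessType = 'Allow'; users = $user }
}

# Step 2: the authentication sections are locked at server level by default,
# so they are written to applicationHost.config under a <location> for the site.
foreach ($scheme in $schemes) {
    Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $site `
        -Filter "$authn/$scheme" -Name enabled -Value $true
}

# Check: list the effective authorization rules and the state of both schemes.
Get-WebConfiguration -PSPath $sitePath -Filter "$authz/add" |
    Select-Object accessType, users, roles, verbs

foreach ($scheme in $schemes) {
    $enabled = (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $site -Filter "$authn/$scheme" -Name enabled).Value
    '{0}: enabled={1}' -f $scheme, $enabled
}
```

The rule listing should show only the single Allow entry for the named user; an entry with `users` set to `*` means the site is still open to everyone.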
3) If it seems like the login is going in an endless loop
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
- Right-click MSV1_0, point to New, and then click Multi-String Value.
- Type BackConnectionHostNames, and then press ENTER.
- Right-click BackConnectionHostNames, and then click Modify.
- In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
- Quit Registry Editor, and then restart the IISAdmin service.
(Start > Administrative Tools > Services > IIS Admin Service > right click > restart)
source: MS KB 896861 (http://support.microsoft.com/kb/896861)
Any new password-protected subdomains will need to be added to that registry key.
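The registry steps above, scripted so that new subdomains can be appended without retyping or duplicating the list. This is an added example, not part of the original wiki page; the host names are constructed placeholders and the script assumes an elevated PowerShell session.

```powershell
# Added example: replace these constructed placeholder names with the
# host names of the password-protected sites on the local computer.
$hostNames = @('intranet.example.test', 'reports.example.test')

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$name = 'BackConnectionHostNames'

# Read the existing multi-string value; this is empty if it was never created.
$existing = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
$current  = @($existing | Where-Object { $_ })

# Keep only names that are not listed yet (-notcontains is case-insensitive).
$missing = @($hostNames | Where-Object { $current -notcontains $_ })

if ($missing.Count -gt 0) {
    # -Force creates the value, or overwrites it with the merged list.
    # Listing specific names leaves the loopback check active for all others.
    New-ItemProperty -Path $key -Name $name -PropertyType MultiString `
        -Value ([string[]]($current + $missing)) -Force | Out-Null

    # Restart the IIS Admin Service as the last step describes, if it is installed.
    if (Get-Service -Name IISADMIN -ErrorAction SilentlyContinue) {
        Restart-Service -Name IISADMIN -Force
    }
}

# Show the stored list so the change can be reviewed.
(Get-ItemProperty -Path $key -Name $name).$name
```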
How to set the site back to allow anonymous access
1) IIS > [the_site] > IIS > Authentication
- Anonymous Authentication > Enabled
- Windows Authentication > Disabled
2) IIS > [the_site] > IIS > Authorization Rules
- Remove the rule that allows only the specific user
- Add Allow Rule... > All Users