Question
I have a simple HTML site that I need to add windows authentication to so that I can limit certain resources.
I currently have the site running in a dev environment (IIS on my local machine) and I cannot seem to achieve the results that I need.
The main site needs to be open......anyone can access it. However, the subpages and their resources (downloadable pdfs and such) need to be blocked to certain AD security groups.
1) Using the web.config file below - the WHOLE site is asking for authentication (which is not what I want) and once I provide authentication, I am NOT being blocked from the location path that I provide.
2) This web.config IS NOT what my final one will look like, I was just testing to see if I could block a resource before I actually drop in my real allow/deny logic
Here is my simple web.config file:
https://stackoverflow.com/questions/22175905
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<configuration>
<system.web>
<authentication mode="windows" />
</system.web>
<location path="district/district.html">
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
No correct solution
OTHER TIPS
To secure a Single Page or document in IIS 7.5 with Windows authentication simply follow these steps:
1. Open IIS 7 Manager.
2. Click on “Content View “at the bottom of the IIS 7 Manager and navigate to the file you want to password protect.
3. Right click on the target file and choose “Switch to Features View”.
4. Double click on Authentication under IIS Area.
5. Disable “Anonymous Authentication”.
6. And Enable “Windows Authentication”.
