Password Protect Directory Directly From IIS - VPS/Dedicated Servers

Password Protect Directory Directly From IIS - VPS/Dedicated Servers

In the event that you want to lock down a specific directory and you have administrator privileges on the server, this is one way you can go about it.
  1. Log into the server and open IIS Manager
  2. Drill down the navigation tree to the domain and/or directory you wish to password protect
  3. In the ASP.Net section, click on Authentication
  4. Set all to Disabled except for Basic Authentication, set that to Enabled
  5. In the ASP.Net section, click on Authorizatrion Rules
  6. Under the Actions pain, click Add Allow Rule...
  7. Under Specified Users, add the full windows username for the user you wish to have access
  8. Test by loading the directory in browser and using the user and credentials added in step 7

Notes on users:
  • You can add users either through an IIS integrated CMS (hsphere or plesk) or directly via Windows
  • Make sure the user has permissions for the domain root of the domain that you're wanting to secure

If you're still having issues connecting after setting it up this way, it's most likely a web.config issue. The following web.config is taken from a working protected directory and you should attempt to mirror it or identify discrepancies and investigate those:


<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <authentication>
                <anonymousAuthentication enabled="false" />
                <basicAuthentication enabled="true" />
            </authentication>
            <authorization>
                <remove users="*" roles="" verbs="" />
                <add accessType="Allow" users="user1" />
                <add accessType="Allow" users="user2" />
            </authorization>
        </security>
    </system.webServer>
</configuration>


You can add as many users as you wish, just add a new user line per user.

If you're still having issues after this, please notify support via email or ticket submission.

    • Related Articles

    • Password protect directory in cPanel

      1. Log in to your cPanel account > Files section > Directory Privacy menu:  2. Select Document Root for option and the domain name in question from the drop-down menu, and hit Go:  3. Once there, you may pick up the directory you wish to protect:  4. ...

    • Protect a directory in H-sphere

      How to protect a directory through Hsphere: 1. Login to Your control panel 2. Click FTP Manager 3. Click File Manager (HtProtect) 4. Click Protect at the bottom 5. Browse to the directory you want to lock, in this case "admin" (click the + through, ...

    • Reset password manually in OnApp

      When password reset in onApp fails or does not work you can manually reset the password with the following process   Reboot in recovery. Login via recovery with user/password being root/recovery or root/defaultrootpassword <-- could be either one, ...

    • Password Protection for Hsphere Windows Directories

      If you are in a Shared Windows HSPHERE environment and wish to  password protect a directory please follow these steps:   1. Create a sub-ftp account via your h-sphere control panel. This can be found under >FTP/User Account>FTP User>FTP sub-accounts ...

    • Intro to IIS binding

      Intro to IIS bindings --------------------------- Microsoft’s Internet Information Services (IIS) has been built around a very flexible “binding” system.  When working with a website a “binding” is the combination of protocol (http, ftp, https, ...