So, I've googled the crap out of this and the results seem inconclusive to me. Here's my situation: I have two Winhost sites. One is my live production site, the other is my testing stage site. I want to completely password protect my stage site, having it present an HTTP Auth style login and password prompt, NOT a page. Any way to do this? I've head the argument "If you want Apache-style auth, use Apache", but obviously that's an obtuse statement. Any way to do something something similar? The main goal here is that I want to be the only person that can even hit the root of the site. I've done this many times with .htaccess on LAMP setups, but never done anything like this on IIS? Any suggestions? - Joe
Try looking at this kb article. http://support.Winhost.com/KB/a671/password-protecting-directories-in-iis-7.aspx
Yeah, I tried that, but all that did is re-route all unauthorized requests to my login page. I don't even want my login page exposed. I want every page in the site to be hidden until passing a basic HTTP Auth prompt. Seems that there were a couple tools for IIS 6 that accomplished this. Here's one that's very promising, but only for IIS 6: http://www.iistools.com/en/iispassword.html I haven't found anything similar for IIS 7. - Joe
As far as I can tell. I think I set it to disallow all with a "*". It's been a while since I messed with it. I'll post if I figure it out.
Okay, so I tried this: http://support.Winhost.com/KB/a671/p...-in-iis-7.aspx This simply redirects me to my site's login page on every page request. I'm sure it's working as intended, but it's not quite what I want. Because my login page is within my site's wrapper, it still exposes the site's branding, links, style. The beauty of the htaccess-based HTTP Auth in Apache is that you can have the whole site up and running, but it's hidden behind that simple username/password authentication popup; the same kind of popup you've seen if you've ever logged into the admin page of a typical wifi router. Like this: When you're ready to go live, you simply remove a few lines from the htaccess file, and voila!, the site is live. While writing this reply, I came across this: http://helicontech.blogspot.com/2009/03/enabling-site-authentication-not-using.html I'm gonna check it out (free for 3 servers). I'll post a reply if I get it working. - Joe
Unfortunately .htaccess is not compatible with Windows 2008/IIS 7. The Winhost kb article should have worked. Do you have a link I can look at?
SOLVED!!! Helicon Ape is one of the most wicked awesome and valuable IIS7/ASP.NET dev tools I have ever encountered! If you want Apache style authentication on IIS and SOOooooo much more, I HIGHLY recommend checking out Helicon Ape. Now, I'm using .htaccess and .htpasswd files to secure my IIS 7 staging server, just as I would with Apache. Amazing. Anyone that find this post and wants help, just lemme know via PM. - Joe
