How can I configure IIS to prompt for passwords on a web application running on ASP.NET MVC in IIS?
I want to password protect the Views\ApplicationLog\
folder, so that browsers ask for username and password when users try to access this folder.
How could I accomplish this? Can this be done directly from IIS, or do I need to set something in web.config?
Please try to be thorough, I don't know IIS all that well.
If you're using MVC, you shouldn't have anyone directly accessing anything under your Views
folder at all. Instead, your Controllers
(or their actions) will assert whatever authentication is required.
In this specific case, it looks like your controller is named ApplicationLogController
. So you'd add an [Authorize]
attribute on the controller as follows, and it will automatically ensure that anyone accessing the controller methods is authorized.
[Authorize] // You can also do [Authorize(Roles="MyRole,YourRole")], etc...
public class ApplicationLogController : Controller
{
...
}
In the IIS 6 manager, go to the "Directory Security" tab, click on "Edit" then check "Integrated Windows Authentication" and / or "Basic Authentication" depending on the modes you want to support.
In system.web within your app's web.config:
<authentication mode="Windows">
<authorization>
<deny users="?" />
</authorization>