I'm in the process of building an ASP.Net/C# site on IIS 7.5 and I would like to block all mobile phones from accessing this website.

How can I block/deny access to this website (which uses Windows Authentication) from all types of mobile phones? I'm building an internal application that I want only desktops with IE to access. This is more of a security need than anything.

Ideally I would like to check to see if the user is accessing this website via mobile phone (or just approved browsers) first before any Windows challenge/response happens.

I've been looking to Google for pointers (with no luck) on this as well as looking at URL Rewrite options. Since I'm relatively new to this aspect of Web Programming I'm at a bit of a loss on where to begin looking or if I'm even looking in the right places. I'm not sure if I should just allow one approved browser through or block all mobile phones.

Your only hope it to check for the User-Agent header property on the HTTP request, and deny content to those User-Agents coming from mobile phones.

Here's a list of user agents for mobile devices: http://www.zytrax.com/tech/web/mobile_ids.html

You'll have to use the HttpResquest.UserAgent property for that: http://msdn.microsoft.com/en-us/library/system.web.httprequest.useragent.aspx

Good luck.

You will likely have to use an IIS module (like URL Rewrite v2) and do something like this: http://forums.iis.net/t/1169853.aspx

Look at the request blocking feature.