For a .NET 1.1 website that I just moved, there is a folder that was password protected from IIS (6) using windows authentication. The new server is running IIS 7 and the host does not want to install basicAuthentication or windowsAuthentication roles because it’s a shared server. What other alternatives are there to protecting this folder? It only needs a single username/password and doesn’t need any special management.
I thought I saw IIS 7 had it’s own users and authentication system, is this a viable option?
You can put security in the web.config on a particular folder for a user, set of users, or a role:
Setting authorization rules for a particular page or folder in web.config