Sometimes, you might feel the need to simply protect a public directory on your webserver. Using IIS gives you several options to achieve this, but today we will discuss how to enable a simple login page that requires only one file and a few entries in web.config.
First of all, I used the login page created by Alen Grakalic, who created a great CSS3 login page with validation, all in a single file. Perfect: that's just what we needed to create a simple drop-in login page for IIS using ASP.NET.
The final result will look something like this:
To install it, just copy the contents of the zip attached to this post to your IIS webserver. Make sure that your application pool is configured to run under ASP.NET 4.0.
To edit the user accounts, open the web.config file and find the credentials section, where you can edit the user accounts that are allowed to log in. Pay special attention to this section in web.config:
<validation validateIntegratedModeConfiguration="false" />
This section makes sure that files in the public directory that are not handled by ASP.NET (e.g. html/text/image files) are protected as well.
This section is also quite important as it denies anonymous users access to your content:
<deny users="?" />
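For orientation, here is how the pieces described above fit together in one web.config. This is an added example, not the file shipped in the zip attached to this post: the cookie name, user name and hash value are placeholders, and the `requireSSL` and `runAllManagedModulesForAllRequests` settings are assumptions about a sensible deployment rather than settings taken from the post.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <compilation targetFramework="4.0" />

    <!-- Forms authentication: unauthenticated requests are redirected to login.aspx -->
    <authentication mode="Forms">
      <!-- name is a placeholder cookie name; requireSSL assumes the site is served over HTTPS -->
      <forms name=".EXAMPLEAUTH" loginUrl="login.aspx" timeout="30" requireSSL="true">
        <!-- The credentials section holds the accounts that may log in.
             passwordFormat="Clear" would store readable passwords in this file;
             SHA1 stores an unsalted hash instead, e.g. one produced with
             FormsAuthentication.HashPasswordForStoringInConfigFile. -->
        <credentials passwordFormat="SHA1">
          <user name="example-user" password="REPLACE_WITH_SHA1_HEX_OF_PASSWORD" />
        </credentials>
      </forms>
    </authentication>

    <!-- "?" means anonymous users: everyone must log in before reaching any content -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <system.webServer>
    <!-- Suppresses the integrated-pipeline check for legacy system.web
         module and handler entries -->
    <validation validateIntegratedModeConfiguration="false" />

    <!-- Runs the managed modules (forms authentication, URL authorization)
         for every request, so static html/text/image files are covered too -->
    <modules runAllManagedModulesForAllRequests="true" />
  </system.webServer>
</configuration>
```

To check the result, request a static file (an image or a .txt file) in the protected directory from a fresh browser session: the response should be a redirect to login.aspx, not the file.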
With the proper configuration, this solution is secure, and it's not easy to circumvent the login mechanism. The login logic is provided by ASP.NET, and has been thoroughly tested by Microsoft and developers all around the world. Of course, this is just an example and I'm not responsible for the security of your content; always do some tests!
For a demo go to http://demos.michaelwullink.com/login/login.aspx.
You can log in with the accounts: