Default IIS is configured to allow everyone to open the website you are hostin. If you want to use some form of authentication, you can use Basic Authentication so users must enter their credentials to view the site.
| Open IIS and navigate to the site that needs the Basic Authentication.
Click on Authentication and disable Anonymous Authentication
Enable Basic Authentication |
|
| Open IIS and navigate to the site that needs the Basic Authentication.
Click on Edit Permissions |
 |
| Click on the Security tab |
|
| Remove the inheritance and remove Users |
|
| Click on Add and add the group or users from Active Directory that need access. |
|
| Important, if you use an Application Pool also add the Application Pool user, otherwise it will fail |
|
| On the Security tab, add the local user `IIS AppPool\`
For example `IIS AppPool\Production_Pool’
It only need Read permission. |
|
| Always use SSL
Because otherwise credentials will be send over the wire unencrypted. |
|
| Close the security window and open the website, check if there is pop/up where you need to log on. |
 |
Comments are closed