Password protecting directories in IIS

Password protection is achieved in IIS by removing anonymous user access to a directory. There are two ways to accomplish this.

The first is manual password protection. Add following into the web.config file in the directory that you wish to protect:

 
<configuration>
  <system.webServer>
    <security>
      <authorization>
        <add accessType="Deny" users="?" />
      </authorization>
    </security>
  </system.webServer>
</configuration> 

To allow additional users to access the site, you must grant the user access in the Permission manager of the DiscountASP.NET Control Panel.

The second method is to use the IIS Manager. IIS  Manager runs on your computer and is used to do certain maintenance and configuration tasks in IIS. We recommended that IIS Manager be used by experienced developers only.
  • Add the primary user to the allowed IIS Admin user list in the DiscountASP.NET Control Panel (IIS Tools)
  • Connect to the site
  • Go to the directory you want to password protect in the left pane
  • Double click "Authorization Rules" in the right pane
  • Click "Add Deny Rule"
  • In the pop up box, select "All anonymous users"
  • Click "OK"
  • Note that this action will add some entries into your web.config file