IIS7 - How to password protect a single folder using a Web.config file?

Question

I have a folder that contains log files. They're not super critical, but I don't want total strangers looking through them. I'd like to put a password on that one folder. The folder and its contents are served straight up from IIS, so I'm not looking for a coding solution.

With Apache I'd use a .htaccess file.

With IIS it's possible to use multiple Web.config files at various levels to control this kind of thing.

So, what goes in the Web.config file that allows me to require a password when accessing this folder?

• I'm happy for the password to pop up in a dialog like old-school websites used to do (not sure what this is called -- I think it is digest authentication) and so avoid any loginUrl redirection stuff
• I'm happy to put the password in the Web.config file in plain text if it's easier

The application is internet facing and running on shared hosting, so I don't have much control over the box beyond what I can configure in Web.config.

Answer 1

You can achieve this using the <location path="..."/> element of web.config file.

Check this link for step-by-step instructions..