What is the best way to restrict access to a development website?

Question

I have a site i am working on that i would like to display only to a few others for now. Is there anything wrong with setting up windows user names and using windows auth to prompt the user before getting into the development site?

Answer 1

There are several ways, with varying degrees of security:

• Don't put it on the internet - put it on a private network, and use a VPN to access it
• Restrict access with HTTP authentication (as you suggest). The downside to this is it can interfere with the actual site, if you are using HTTP auth, or some other type of authentication as part of the application.
• Restrict access based on remote IP. Just allow the IPs of users you want to be able to access it.
• Use a custom hostname. Have it on a public IP, but don't publish the hostname. This means make an entry in your HOSTS file (or configure your own DNS server, if possible) so that "blah.mysite.com" goes to the site, but that is not available on the internet. Obviously you'd only make the site accessible when using that hostname (and not the IP).

Answer 2

That depends on what you mean by "best": for example, do you mean "easiest" or "most secure"?

The best way might be to have it on a private network, which you attach to via VPN.