Sometimes you might feel the need to simply protect a public directory on your webserver. Using IIS gives you several options to achieve this, but today we will discuss how to enable a simple login page that requires only one file and a few entries in web.config.
First of all I used the login page created by Alen Grakalic he created a great CSS3 Login page with validation, and everything in a single file. Perfect that’s just what we needed to create a simple drop in login page for iis using asp.net.
The final result will look something like this:
Image may be NSFW.
Clik here to view.
To install it just copy the contents of the zip attached to this post to your iis webserver. Make sure that your application pool is configured to run under asp.net 4.0 (will later at a web.config file for asp.net 2.0 support).
To edit the user accounts open the web.config file and find the credentials section, where you can edit the user accounts that are allowed to log in. Pay special atention to this section in web.config:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true"></modules>
</system.webServer>
It makes sure that if you have files in the public directory that are not handled by asp.net (e.g. html/text/image files) are protected as well.
This section is also quite important as it denies anonymous users access to your content:
<authorization> <deny users="?" /> </authorization>
With the proper configuration this solution is secure, and it’s not easy to circumvent the login mechanism. The login logic is provided by asp.net, and therefore has been thoroughly tested by Microsoft. Of course this is just an example and I’m in no way responsible for the security of your content.
For a demo go to:
http://demos.michaelwullink.com/login/login.aspx
You can login with the accounts:
username: user1
password: secret
username: admin
password: secret#23
Looking for a more complete user management solution?
Check out the Simple User Account Management Module
