Q: We have a section on our Web site that we’d like to be able to lock down and allow only certain users to access. This area of the Web site doesn’t need to be publicly accessible. We’d like to avoid having any custom programming done; is there a way to limit access by using Microsoft IIS or Windows security?
A: Yes, it’s pretty easy to do. I assume the area of the Web site in question is in its own folder. In that case, you just need to configure IIS to require authentication for that folder. Then, edit the NTFS file permissions on that folder and limit Read and Execute access to the users or groups authorized to access it. In the Microsoft Management Console (MMC) IIS snap-in, open the folder's properties and select the Directory Security tab. In the Authentication and access control section, click Edit. Now, in the Authentication Methods dialog box, clear the Enable anonymous access check box and select the Integrated Windows Authentication check box. IIS will now require clients to authenticate before accessing that section of the Web site. Because users must authenticate, Windows will permit only users with Read and Execute permissions to access the contents of the folder. To access the NTFS permissions, open the folder’s Properties dialog box in Windows Explorer and select the Security tab.