password protecting entire directories on windows server

The conventional way is to create local or domain users and grant/deny them specific permissions using NTFS permissions.  I take it that you are looking for an alternative that is more like using an htaccess file.  If I am correct in this, take a look at IIS Password at www.snapfiles.com/freeware/server/fwiis.html.

BTW - credit is due to meverest as I am only aware of this because he recommended it in a different thread (https://www.experts-exchange.com/questions/21390483/Setting-up-web-users-on-IIS-outside-of-the-domain-users.html).  I downloaded it to try it out and it's very useful.

i can't use this with a server that i'm not hosting, can i?  i'm hosting with another company.  i was under the impression that i could only use IIS Password if it was on my own server/hard drive.

code_red

Hmmm, you probably can't, though you may want to check with your host.  Some are much more open to helping you with this sort of thing than others.  While you're at it, you may want to ask them if there's a simple way to do this with whatever their setup/config is.

Otherwise, you may want to consider using some server-side scripting method of setting up user authentication.  There are some very good user authentication scripts available.  If this is of interest to you, let me know whether you are using ASP or PHP.

i've talked to the host time & time again...they cannot offer me any help.  they say i have to find the scripts myself.  

i'm using ASP.  i would like something that is secure, of course.  thanks for your help.

Another option would be to ask for recommendations in the ASP TA (https://www.experts-exchange.com/ASP).

well, i usually use PHP, where in that case, i would use htaccess.  unfortunately, we were having problems with their web forms using php and the information 'disappearing' in IE when the user went 'back', then the user's info from that page would not be submitted, even though they thought it would be.  it was very frustrating that no matter what i did, i ended up with the same result - missing information.

have you come across this problem?  if so, how did you resolve it (without using a database - they don't have that kind of cababilities right now)?

". . . information 'disappearing' in IE when the user went 'back' . . ."
That's an IE trait that I've experienced while using many sites, including E-E.  It's one of many reasons I switched to Firefox.  I suspect there is no web dev way around it, but I'm not a browser expert.

well, the problem would not so much be the info disappearing for the user, but when the user re-enters the info, it still doesn't come thru to the fwrite.  personally, i use firefox as well, but unfortunately, 90% of the world uses IE, so I have to develop the forms to work with that.

i guess i'll move on.  thank you for trying.

Ah, I see.  Yes, you do have to be mindful of the IE dominance when you are developing a site even if you've chosen to make your own life easier by using Firefox :)

You might do well to ask about this in Web Dev section.  I typically use a database for this sort of thing as you noted above.

would it be alright if i deleted this question, since i will need to post it elsewhere to get help?

thanks.

IMHO - Your original question was about secure ways to password protect an entire directory and that question has been answered.  It is only the largely unrelated follow-up questions that haven't been answered (and which probably should have been asked as new questions elsewhere).

If you disagree, you can post a request to close the question in Community Support (https://www.experts-exchange.com/Community_Support) and have a moderator decide what is most appropriate.

the answer you gave me about IIS password will not work with the server I'm forced to use.  everything i've found on ASP password protecting will not allow me to password protect entire directories.

i'll look into it some more.  sorry i offended you.

I'm not offended, I just disagree :)

I took a look and you are correct that most of the solutions at the Hotscripts link I provided are more suitable to secure individual files rather than entire directories.  However, given how server side languages work, you are not going to find a solution that does not require you to include at least a little bit of code on each of the individual pages you want to protect.  If that does not suit your purposes, then the real answer is that you can't do what you want to do unless you switch to a host that will allow you to use the ISAPI solution above, which would be preferable anyway.

thank you.  i was looking at the VT Auth on hotscripts.  i'm not sure, but it SEEMS like it will work...i'll have to try it out first though.  yes, i cannot put the script on each page i want protected b/c the forms write the results to their own txt file in that secure folder.  ah well, i had hoped i'd get the answer i needed at EE.  who knows, may the VT Auth will work!

thanks for your time...

Good luck with the script.  I'd be interested to hear how it works out.