IIS file password protection

Posted on 2012-09-19
Last Modified: 2012-09-20
I'm a newby with IIS and have been asked specifically to learn password protecting files for a job interview.

Assuming I am understanding the exact request correctly, here is what I am attempting to do.  I'm trying to get prompted for a login when a user named jethro attempts to access file1.htm.  The user account jethro has been added to local users and groups.  Windows authentication is enabled in IIS authentication.   Anonymous authentication is disabled.  I believe I did it exactly the way the youtube tutorial below says.  For some reason his works and mine doesnt.  He clicks on file1 and gets prompted for a login.  I click on file1.htm and the file opens without allowing me to put in jethro's credentials.

Does anything pop in anyones mind about what I might be missing?  I dont expect anyone to actually watch the youtube but its there just in case someone wants to see exactly what I am trying to do.
Question by:anthtaddeo
    LVL 35

    Expert Comment

    As you deal with NTFS permissions, investigate your group membership and see, if you are a member of a group, which gets permissions by the group membership.
    So, if you are admin, you inherit the permissions from the admins group.

    Second, IE stores the user, so if you logon before, the browser keeps your logon as long as you are visiting the site.
    So just close the broser (all browser windows) before you try it again.

    Author Comment

    Thank  you! I think you are correct about the NTFS permissions.  Now I am finding it does work but just not the way it does for the guy in the video so I'm confused.  If someone can help open up my understanding it would be greatly appreciated.

    When I was doing this I was logged in as admin.  Reason being is the guy in the video never switched users when testing out his work so I think he was doing this from an admin account as well "having admin permissions".  Basically though, I was expecting to go to the home page "still logged in as admin".  Once I was on the home page I was expecting to click on a link "file1.htm".  When clicking on this link is when I was expecting to get prompted for a password.  It never made sense to me to begin with because  I never configured that specific file to do anything like this.  However, this is how it seemed to work for the guy in the video and I dont understand where I am going wrong.

    After the Bembi post, I decided to switch the user to Jethro.  Now when going to localhost, I get prompted to log in but here is the problem.  My goal is to password protect a specific file on the homepage.  Not the homepage itself.  Somehow it worked for the guy in the youtube I provided but it makes no sense to me because I dont understand what he did to make that link "file1.htm" link throw up a login box.
    LVL 35

    Accepted Solution

    Not quite difficult.
    He created a default.htm with the three links.

    Default.htm is accessable for all users...
    Link 1 (file1.htm) is a second file in the rule, and there he changed the permissions (Users group out, Jason in).
    the other two links he set the permission on the folder, was is then inherited to the files.
    So he throwed users out and out elly in.

    But not for the main page, what is default.htm.

    Also keep in mind, that the owner of a file (the creator) all the time has full permissions, as long as the owner is not changed. If you create a file, you have full permissions by default.
    In the security tab, you have also an owner tab to change the owner.

    Author Comment

    It worked and makes perfect sense now.   I've read about permissions but this excercise  and your assistance provided a better understanding.  Thanks a lot.  I really appreciate it.

    Author Closing Comment

    Bembi was right on

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
    Lync server 2013 Backup Service Error ID 4049 – After File Share Migration
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now