IIS (2012R2) Simple Basic Authentication on a Folder
Posted on 2015-01-24
We recently transitioned from a 2003 to a 2012R2 IIS box and I'm at a loss with regards to not getting Basic Authentication to work to protect a simple folder.
Previously we forced a URL to HTTPS with a rewrite for a given folder, set the folder to Basic Authentication, set the Domain the domain the server was in and set the realm to '/'. That was it, pretty simple.
IIS 8 seems even more simple on this front, set Require SSL, Disable Anonymous and Enable Basic at the folder. Same Domain and Realm settings. However, when the folder is accessed from a browser (IE, FF, C) it immediately gives a 401.2 error without prompting for user ID/PWD.
Most searches are turning up complex issues regarding asp/.net apps and issues between application pool identities. I must be leaving out something pretty simple, but not figuring it out. I do have .php files we would like to use, but the same effect occurs with regards to a simple html or pdf file... all view just fine if anonymous is turned back on.
What am I missing?... and is there a good article/whitepaper that someone can direct me to that details it as the TechNet and MS KB's I've finding from IIS 7 - IIS 8 do not go into any further detail than what I've figured on my own.