Password Protection in IIS 6

This articles guides you through creating a password protected folder in IIS 6.  After password protection is configured, all users will need an NT login and password to connect to the portion of the site that is protected. This applies only to IIS 6.  To perform the same task in IIS 7, please see our IIS 7 support articles.

  1. Log into your server through Terminal Services or Remote Desktop Connection.  If you are unsure of how to connect via RDC, please see the following article.
  2. Create the Windows User by following the steps in the respective KB article for your server type: Windows 2003  | Windows 2008.
  3. Click Start, select Programs, and then click Administrative Tools.
    • For IIS 6.0 click Internet Information Services.
  4. In the left column you will see the Server Name. Expand the Server Name and then Web Sites to find the domain name.
  5. Right-click on the domain name and select Properties.
  6.  
  7. On the Directory Security Tab under Authentication and Access Control click Edit.
  8. Uncheck Enable Anonymous Access.
  9. Choose the level of Authenticated Access:
    • Integrated Windows Authentication: encrypts the password sent to the server (we recommend this method)
    • Digest Authentication: this level works only if Active Directory is configured
    • Basic Authentication: sends the password across the network in clear text (we do not recommend this method)
    • .NET Passport Authentication: a web authentication service
  10. Click OK and then click OK a second time.
  11. Navigate to the folder on your server containing the contents of your website.
  12. Right click the folder and select Properties.
  13. On the Security tab click Add.
  14.  
  15. Enter the name of the user you created and click OK.
  16. If you wish to allow other users to login, repeat steps 12 and 13 with the additional user names.

Your website is now password protected. If you prefer to password protect only a folder, rather than your entire website, you can repeat the exact steps above on the individual folder, rather than your entire website.