There are two things worth noting about the installation:
- It restarts IIS, so if you’re installing on a live Web server, be sure to do so at an opportune time when a few seconds of downtime won’t be noticed.
- It installs a utility called LiveUpdate that you can use to check for available updates. It’s a cool utility, but you’ll probably want to set it to not run constantly.
Configuration
Organizations that are migrating Apache sites don’t need to do much in terms of configuration. Simply upload your content along with your .htpasswd and .htaccess files, and you should be good to go. The program automatically picks them up and secures the appropriate files.
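Before uploading an existing .htpasswd as part of such a migration, it helps to know which hash schemes its entries use, since plaintext or unsalted SHA-1 entries are worth resetting first. The script below is an added example, not part of the original article or of IISPassword; it classifies entries by the formats Apache's htpasswd tool writes, the function names are hypothetical, and the sample file is constructed.

```python
import base64
import hashlib
import re

# Entry formats written by Apache's htpasswd tool, matched on the hash field.
SCHEMES = [
    (re.compile(r"^\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}$"), "bcrypt"),
    (re.compile(r"^\$apr1\$[^$]{1,8}\$[./A-Za-z0-9]{22}$"), "apr1-md5"),
    (re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$"), "sha1-unsalted"),
    (re.compile(r"^[./A-Za-z0-9]{13}$"), "des-crypt"),  # heuristic: shape only
]

def classify(hash_field):
    # Name the scheme a hash field appears to use (hypothetical helper).
    for pattern, name in SCHEMES:
        if pattern.match(hash_field):
            return name
    return "unknown-or-plaintext"

def audit_htpasswd(text):
    """Return ([(user, scheme)], [(line_number, problem)]) for a password file."""
    findings, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines carry no entry
        parts = line.split(":")
        if len(parts) < 2 or not parts[0] or not parts[1]:
            problems.append((lineno, "malformed line"))
            continue
        if parts[0] in seen:
            problems.append((lineno, "duplicate user " + parts[0]))
        seen.add(parts[0])
        findings.append((parts[0], classify(parts[1])))
    return findings, problems

# Constructed sample file; no real credentials.
SHA_LINE = "{SHA}" + base64.b64encode(hashlib.sha1(b"example").digest()).decode()
SAMPLE = "\n".join([
    "# constructed sample",
    "alice:$2y$05$" + "a" * 53,
    "bob:$apr1$saltsalt$" + "x" * 22,
    "carol:" + SHA_LINE,
    "dave:hunter2",
    "erin:ab" + "c" * 11,
    "nocolonhere",
    "alice:$2y$05$" + "b" * 53,
])

if __name__ == "__main__":
    print(audit_htpasswd(SAMPLE))
```

The des-crypt match is by shape only, so a 13-character plaintext password would be reported the same way; treat that label as a prompt to check the entry by hand.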
For those who are not migrating an established authentication setup, IISPassword has a simple user interface. It’s accessed via Internet Services Manager (ISM) (Start -> Programs -> Administrative Tools -> Internet Information Services), or you can simply run C:\windows\system32\inetsrv\iis.msc (or similar, depending on the location of your Windows directory).
From ISM, right-click the root of your web site and select “Properties”. In the resulting property page, you’ll see a new “IISPassword” tab. From there, simply right-click on the folder you want to secure and select “Protect”.
You’ll see that the folder now has a little symbol indicating it is secured. Now, to access it you’ll need a user name and password. To set one up, simply click the “Add …” button under the list of users and enter a user name and password. You can also enter a title that will be displayed in the authentication box when it pops up. I just entered “Enter Login Info!”.
That’s all there is to getting it up and running. You can obviously set up a much more advanced configuration, but that’s all you need to do to get started. Explaining all the available .htaccess system directives is beyond the scope of this article, but if you’re looking for information about additional configuration directives, start with the help file. It’s not spectacular, but it is well-written and should answer most of your questions.
For those looking to automate the process of creating user accounts, IISPassword also includes a command line tool called UserLine for creating user lines and optionally adding them to password files.
What the Users See
Now that we’ve secured our content, let’s try and get to it. Here’s what we see when we request a secured document. Notice that the “Enter Login Info!” entered earlier is here to greet us.
When we enter invalid login info, we’re bounced to an error message telling us we’re not allowed in.
If you have concerns about users seeing what product is being used, simply edit the HTML files in the “ErrorDoc” subfolder of the installation directory. You’ll also need to restart IIS for it to pick up changes to these files. Although we’re not sure how supported this is, it worked fine when tested. Just in case, make a backup of the originals before you edit them.
When we enter a valid user name and password we’re served the requested document without any further delay.
Conclusion
Although IISPassword is certainly not for everyone, if you’re looking for a way to secure content without setting up system-level user accounts, or to move sites that involve authentication from Apache to IIS and vice versa, it’s certainly worth a look. It’s a great little product whose price can’t be beat. For more information, check out the following links.
This article was originally published on 15 Seconds.