HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 3 – Setting up IIS6/ASP.NET)

In the previous post I explained how the authentication module works. Now which steps are required to get the demo app included in the download to work?


  1. Create a vdir in IIS that points to the sample site.
  2. Mark it as an application.
  3. Disable all authentication methods besides “anonymous”.
  4. If you want to protect static content (e.g. jpg or xml), you also have to add the aspnet ISAPI extension as a wildcard mapping. Go to the application properties -> Home Directory -> Configuration. Go to the tab with all the script mappings, pick e.g. the .aspx mapping and copy the path to the ISAPI dll to the clipboard. In the bottom part of the same dialog add a wildcard mapping and set the previously copied path. Now ASP.NET will get invoked for all incoming requests.

This should be it. Now navigate to default.aspx in the browser and use alice/secret as the credential. You can also try the included asmx client. Be aware that you may have to change the requireSSL config attribute and/or the URLs.

This entry was posted in ASP.NET, WCF. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s