How do I password protect a directory?

If you have not already, login to the WedControlCenter (WCC) at
https://www.webcontrolcenter.com/ with your Customer ID and Password or https://www.webcontrolcenter.com/domain.aspx with your Site User and Password.
and from the menu item IIS click on IIS PERMISSIONS.

IIS PERMISSIONS:
 
  • First you will need to select the directory that you want password protected so that it becomes highlighted in yellow. Next, there will be a check boxes that states Allow Anonymous Access and Allow Anonymous Access for SSL . Uncheck these boxes and click save. You will now notice that when accessing this directory via HTTP and HTTPS you will are prompted for a user name and password.
 
  • The credentials that will gain you access to the newly restricted directory are your Primary Site User Credentials. These credentials may be obtained in the WCC by navigating to Site > Site User Admin.
 
  • If you wish to add a new set of credentials for access, select the Add link, supply a new Username/Password, and click Save.
 
  • After you have created a new Site User, navigate to the menu Site > File Permissions.
 
  • Select the directory that you removed anonymous access from so that it becomes highlighted in yellow and click the Add button. This will give you a drop down box of the users you have listed in the User Admin page. Select the user you would like to have access then assign the permissions for the user and click save.

** When adding additional 'Site User Admins' other than the primary user, these users must have at the very least READ access to the root directory of the site.

** If the page that you are trying to access with the new user is trying to access includes or images that are located outside of the password protected directory you will not be authorized.

Grant access to the specific users to the other locations or give the user file permissions from the top/root level down.

If you are still unable to login to this newly password protected directory, it may be because when executing the ASP, ASP.NET or Cold Fusion page, the script looks for the global.asa, web.config, or application.cfm file in the root of the site and because the user you logged in as only has access to the subdirectory you will not be able to access this page.

If this is the case, try creating an application starting point on the subdirectory. This will force the script to look in this same directory for the files. You may need to copy the global.asa, web.config, or application.cfm into the subfolder.

** This method has changed from mid 2004 by a Windows Security update where the EVERYONE user group used to get permissions removed. This is no longer the correct way to implement password protection.

Add Feedback