How to restrict access to a specific file on iis windows 2012

Question

IIS on Windows 2012 R2

A website has a number of directories and in one of those directories is restricted-page.html to which I want to restrict access to all except a particular windows user.

The rest of the site is to be freely browsable by anybody.

Following instructions at https://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config I expected that putting the following web.config into the directory containing restricted-page.html would work.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <location path="restricted-page.html">
    <system.web>
      <authentication mode="Windows"/>
      <authorization>
         <allow users="windows-domain\account-name"/> 
         <deny users="*"/>                          // deny others
      </authorization>
    </system.web>
  </location>
  <location path="*">
    <system.web>
      <authentication mode="Windows"/>
      <authorization>
         <allow users="*"/> 
      </authorization>
    </system.web>
  </location>
</configuration>

However, users can't browse into the containing directory without requiring authentication.

Could anyone advise?

Why don't you just use the normal NTFS file permissions? See https://support.microsoft.com/en-us/help/815151/how-to-restrict-specific-users-from-gaining-access-to-specified-web-re — Broco, Sep 28 '18 at 09:08
The `system.web` XML node only applies to ASP.NET files, it doesn't affect static html pages. That's why the page is still accessible. — Peter Hahndorf, Sep 30 '18 at 11:36

score 0 · Answer 1 · answered Oct 17 '18 at 19:07

0

Solution was as Broco says above and much easier than I'd supposed.
Disable Anonymous Authentication for the site in IIS
Enable Windows Authentication
Then use file permissions.

step by step with screenshots

answered Oct 17 '18 at 19:07

twisted

109
1
2

How to restrict access to a specific file on iis windows 2012

1 Answers1