IIS7 Basic Authentication on PHP Site

I have a PHP5 site running on IIS7 and I just wanted to add basic authentication on a subfolder called admin.

I enabled both anonymous authenticati开发者_Python百科on and basic authentication and I just want to turn off anonymous authentication on the subfolder in order to force the basic authentication?

Any suggestions?

I tried adding a web.config in the subfolder with the following:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="false" />
      </authentication>
    </security>
  </system.webServer>
</configuration>

I think what you want is authorization, not authentication. You can leave anonymousAuthentication enabled, but just don't authorize users who haven't logged in. Use the non managed Url Authentication module (link text), and setup your subfolder's web.config file like so:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <authorization>
                <remove users="*" roles="" verbs="" />
                <add accessType="Deny" users="?" />
            </authorization>
        </security>
    </system.webServer>
</configuration>

Rather than hand editing the config file, you can also the "Authorization Rules" feature in the IIS admin.

If you want folder authentications, look to your applicationHost.config file and use something to this effect:

    <location path="Default Web Site/css">
    <system.webServer>
        <security>
            <authentication>
                <anonymousAuthentication enabled="false" />
                <basicAuthentication enabled="true" />
            </authentication>
        </security>
    </system.webServer>
</location>