Easiest way to secure a public facing web application

I have a Web Application (C# pages mixed with ASP.NET and some Javascript pages) on a Windows 2008 Server with IIS 7.0. I have just a few users 开发者_如何学JAVAthat will hit this externally (not on the server). So in order for them to get a simple Username/Password form to pop up, what must I do? Could the users Usernames and Passwords just be added to a section in the webconfig file so I could maintain it that way?

Many thanks

Assuming you're looking for a down and dirty solution:

1. Using Windows Authentication, you could set them each up with a local user account. That would require no coding at all, and would simply require you to disable anonymous access and enable windows auth in IIS. Then you can assign each of these local windows accounts to a special group that has access to your web app folder.

2. Otherwise, with traditional forms authentication, you can supply hard-coded usernames and passwords in the web.config. You will then need to protect your secure pages with code-behind or by using a folder structure and defining which roles/users have access in that folder's web.config.