Question

I m developing an ASP.NET MVC site that utilizes forms authentication for part of the application. During development, I need to be able to give external parties access to a development server hosting the site. Since I don t want to expose the site to the entire internet, I need to password protect it while still allowing forms authentication to be in use.

Mixing of Windows and forms authentication doesn t work. Is there a standard way of doing this? I would have to think this is a common scenario. The article on MSDN doesn t seem to apply to my situation: http://msdn.microsoft.com/en-us/library/ms972958.aspx

Update: The first two answers suggest adding in standard IIS basic/digest authentication. As far as I know, this is not compatible with forms authentication because the user s identity will be set to the Windows account, not the identity used through forms authentication. I need the two to be completely independent. Any thoughts?

Answer 1

You could protect it in IIS, give those details to the external parties, and leave the forms auth as it is.

Answer 2

Disable anonomous access to force the users to login via a windows account before accessing the site.

Answer 3

I knew a guy who did this using Apache and a reverse proxy.

http://www.apachetutor.org/admin/reverseproxies

Answer 4

Well unfortunately what you re trying to do is not possible in IIS7 (integrated mode), but there is a workaround. I suggest you to read this article written by Mike Volodarsky a former program manager for IIS7 at Microsoft. Article addresses your problem and there is even a sample code you could use.

友情链接