November 20 and December 1, 2015, and January 28, 2016
Windows Server 2012 R2 Authentication by Jamie Johnson
Here are my steps to help you to set up authentication on Windows Server 2012 so that users will have to log in to see a sub-directory of a site:
- Go to Server Manager
- Click Add roles and features
- Click Server Selection
- Select a server from the server pool
- Next
- In tree nav, go to Web Server (IIS) > Web Server > Common HTTP Security
- Check the checkboxes beside both Client Certificate Mapping Authentication and Digest Authentication
- Click Next until it continues through installation
- Close
- Go to IIS Manager
- Drill down to the folder of interest
- Double-click the Authentication icon in the right pane under IIS that now shows up
- Click Digest Authentication
- On the far right column, click Enable
- Click Anonymous Authentication
- On the far right column, click Disable
However, one should not authenticate if HTTPS/SSL is not enforced. So when a certificate is in place then the following steps apply to complete setting up authentication:
- Open the IIS Manager
- Select the website on the left hand side
- Click on Bindings on the right hand side
- Click on Add
- Select the type as https and enter the port as 443
- Select the SSL certificate for the site and click OK
- In IIS, drill down to the folder on the site
- In the middle pane, double-click SSL Settings
- Check "Require SSL"
- Click Apply on the far right side under Actions
- NOTE: This will require the user to actually enter or link to the address using https: or there will be an error instead of opportunity to authenticate to the page.
You're still not done! If you want a group or specific user to authenticate to the folder of interest, then you will have to complete these steps as well:
- Go to IIS Manager
- Select the website on the left hand side
- Drill down to the folder of interest
- Right-click the folder and convert to application
- Click OK when applicable
- Close IIS Manager
- Go to Explorer and navigate to the folder of interest
- Right-click and select properties
- Go to the Security Tab and click Edit
- Add the group or user with proper permissions
- Click Apply/OK when applicable