How do I create a user account for basic authentication?

I'd like to add basic authentication to my website. I followed the instructions in the MSDN article on Configure Basic Authentication (IIS 7)

To use the UI

  1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
  2. In Features View, double-click Authentication.
  3. On the Authentication page, select Basic Authentication.
  4. In the Actions pane, click Enable to use Basic authentication with the default settings.
  5. Optionally, in the Actions pane, click Edit to type the default domain and realm.
  6. In the Edit Basic Authentication Settings dialog box, in the Default domain text box, type a default domain or leave it blank. Users who do not provide a domain when they log on to your site are authenticated against this domain.
  7. In the Realm text box, type a realm or leave it blank. In general, you can use the same value for the realm name as you used for the default domain.
    • Important
      If you enter the default domain name in the Realm text box, your internal Microsoft Windows domain name may be exposed to external users during the user name and password challenge.
  8. Click OK to close the Edit Basic Authentication Settings dialog box.

Here's what I've done so far:

IIS Manager - Authentication Authentication Page - Basic Authentication

Now I need to create a user account for the basic authentication.

Does anyone know how to create users in IIS Manager?


Solution 1:

Right click on Computer and choose "Manage" (or go to Control Panel > Administrative Tools > Computer Management) and under "Local Users and Groups" you can add a new user. Then, give that user permission to read the directory where the site is hosted.

Note: After creating the user, be sure to edit the user and remove all roles.

Solution 2:

I know this is a really old question but I wanted to add a bit of explanation that I discovered the hard way (this is n00b information).

"Basic Authentication" shares the same accounts that you have on your local computer or network. If you leave the domain and realm empty, local accounts are what are actually being used. So to add a new account you follow the exact process you would for adding a normal new user account to your local computer (as answered by JoshM or shown here). If you enter a domain and realm you can create network accounts in your local active directory and these are what will be used to log the user in and out.

Because it has been around for so long, basic authentication is generally compatible with any browser/system out there but it does have to major flaws:

  • user and password are sent in the clear (except over SSL)
  • you need to have a user account for each user or client

For more information about basic authentication or user accounts see the following MSDN page.