Password protect single directory in IIS 8

How can I password protect a single directory in IIS 8 under Windows Server 2012 Standard?

Example: I want to be able to access mysite.com, but when navigating to mysite.com/secured, I want to be prompted for a password for access.


  • Open your IIS manager and select the directory you want to protect.

  • Under the "IIS" section select "Authentication".

  • Disable "Anonymous Auth".

  • Enable the desired Auth method (usually "Basic Auth") and it will be valid for this directory only.

  • Add a User account.

    • Left click directory in IIS, Edit Permissions..., Security, Edit, Add, enter a user from your Active Directory
  • Give that user Read, Execute, List Permissions on the directory needed, then login via the newly created user.

    • left click newly added user and check Allow for Full control
  • To log in, use the domain username and password (i.e. UN: [email protected], PW: p@$$w0rd).

    Note: You can add / remove auth methods @ Role Services window.


As an alternative you can code some auth system using serverside languages like PHP / ASP