Problem enabling Basic Authentication


I am attempting to enable Basic Authentication in order to require credentials before viewing a development episerver site.  For a non-epi site I would just disable Anonymous Authentication and enable Basic Authentication in IIS.  When I do this for my Epi site I get an IIS error indicating that the request querystring is too long. This is due to Epi getting stuck in a redirect loop to the login page.  After some searching, I attempted to enable episerver.basicAuthentication instead.  I did this by adding the following to my Web.config:

1. Adding a for 

2. Adding a for 

3. Adding  to the top level node 

After doing this, nothing new happens and the site is still accessible without credentials.  What am I missing?  Please let me know if I can provide any more information.


Feb 07, 2017 23:42

I think you need to be in Classic Mode and not Integrated Pipeline in the IIS web site/app for any Basic Authentication to work.

Feb 09, 2017 23:00

If I switch the App Pool to classic, I receive the following error regardless of if basicAuthentication is enabled in the web.config.

HTTP Error 403.14 - Forbidden
The Web server is configured to not list the contents of this directory.

Are you saying Classic Mode is a requirement of Episerver for Basic Authentication to work?  I've definitely used Basic Authentication in Integrated mode with other .NET applications.


Feb 09, 2017 23:53

Asked around and our case was Basic Auth AND Forms Authentication combined which was working in IIS6 but was hard/not worth the coding required with IIS7, I do recall it was less work with Classic Mode but we wanted Integrated to be more production-like.

Like you we were also using this on Dev sites to not need to lock down pagetree accessrights to be protected.

Feb 10, 2017 11:46
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.