I am attempting to enable Basic Authentication in order to require credentials before viewing a development episerver site. For a non-epi site I would just disable Anonymous Authentication and enable Basic Authentication in IIS. When I do this for my Epi site I get an IIS error indicating that the request querystring is too long. This is due to Epi getting stuck in a redirect loop to the login page. After some searching, I attempted to enable episerver.basicAuthentication instead. I did this by adding the following to my Web.config:
1. Adding a for
2. Adding a for
3. Adding to the top level node
After doing this, nothing new happens and the site is still accessible without credentials. What am I missing? Please let me know if I can provide any more information.
I think you need to be in Classic Mode and not Integrated Pipeline in the IIS web site/app for any Basic Authentication to work.
If I switch the App Pool to classic, I receive the following error regardless of if basicAuthentication is enabled in the web.config.
HTTP Error 403.14 - ForbiddenThe Web server is configured to not list the contents of this directory.
Are you saying Classic Mode is a requirement of Episerver for Basic Authentication to work? I've definitely used Basic Authentication in Integrated mode with other .NET applications.
Asked around and our case was Basic Auth AND Forms Authentication combined which was working in IIS6 but was hard/not worth the coding required with IIS7, I do recall it was less work with Classic Mode but we wanted Integrated to be more production-like.
Like you we were also using this on Dev sites to not need to lock down pagetree accessrights to be protected.