I am developing a web site with MVC 5.2 and ASP.NET Identity 2.1. As long as my site is in beta, I want to keep random visitors away from my website.

I am looking for a simple 2-step-protection mechanism:

  1. When I hit the website with my browser the default browser dialog should pop up and ask me for username and password (IIS user credentials). When I enter valid data, my site appears (with its homepage).
  2. Here I have to login to my application (with application specific credentials).

I enabled Basic Authentication in IIS 8.5 (and disabled Anonymous Authentication), because I was hoping this would bring up the browser dialog (from step 1). But this didn't do the trick. Instead, when I hit the page, the browser returns an error message saying that my request ended in an endless loop. No popup dialog appears. My request is obviously hitting my MVC application already and this tries to redirect me to the login form again and again.

Any ideas?

I just want to keep visitors away with a simple mechanism (does not have to be secure!!). And if possible I don't want to change my MVC code.

Thanks for any help!!

Ingmar

1 Answer

Look at this:

ASP.NET MVC - HTTP Authentication Prompt

You can also use the [Authorize] attribute for your landing actions.

Make sure [AllowAnonymous] action is not used.

ilans
  • Hi ilanS, this is not exactly what I was looking for, but in the end it works now! I added the code for the [RequireBasicAuthentication] attribute (from the url you referred me to) and decorated my whole Home controller with this attribute. I then had to enable BOTH Anonymous AND Basic Authentication on IIS. I now get the popup that I was hoping for (and when I enter credentials of a valid Windows user account from my server), my site shows up, but I am not logged in here. Very good! I didn't really like to modify my code for this. – Ingmar Oct 26 '14 at 13:43
  • And I surely have to make another modification so this [RequireBasicAuthentication] is not bothering me while I am inside Visual Studio (e.g. if (!Debugger.IsAttached)). But as I said: I have what I need now. THANK YOU VERY MUCH!! – Ingmar Oct 26 '14 at 13:44