Securing a website section using Windows authentication

When you set up Windows authentication, you can use the authentication only for specific sections of the live website. This leads to the following scenario:

  • The live website is accessible anonymously, except for the specified sections that require Windows authentication
  • Windows authentication is required for access to the Kentico administration interface
  • The site cannot contain other sections secured using standard Forms authentication

The following example demonstrates how to set Windows authentication for the Products section of the sample Corporate site:

Configuring IIS

  1. Locate your web project on the disk (typically c:\Inetpub\wwwroot\<web project>).
  2. Create a new directory in your web project’s CMS folder, named according to the URL path of the site section that you want to secure. In this case, the path is /Products, so create a folder named Products.
  3. Open Internet Information Services (IIS) Manager.
  4. Locate the new Products folder in the tree and select it.
  5. Open the Authentication configuration.
    • Disable Anonymous Authentication for the folder
    • Make sure that Windows Authentication is enabled
    IIS authentication settings for the given folder

Configuring the web.config file

  1. Edit the web.config file of your web project.

  2. Set the mode attribute of the <authentication> element in the <system.web> section to Windows:

    
    
    
     <authentication mode="Windows">
    
    
     
  3. Find the section marked with Windows authentication BEGIN and set the path parameter of the <location> element to the name of the created directory (Products in the example):

    
    
    
     <!-- Windows authentication BEGIN -->
     <location path="Products">
       <system.web>
         <authorization>
           <deny users="?"/>
         </authorization>
       </system.web>
     </location>
     <!-- Windows authentication END -->
    
    
     
  4. Save the web.config file.

The authentication is now configured. If you try to access any of the pages placed under the Products section, the system requires Windows authentication.

If you also want the authentication to be required for the Products main page, you need to use the following workaround:

  1. Create a child under the Products page with identical content (you can use the Copy () action).

    • You may need to adjust the page nesting settings and the configuration of certain web parts to get the page to work correctly.
  2. Select the original Products page and open the Properties -> Navigation tab.

  3. Select Redirect to first child in the Menu actions section.

  4. Click Save.
    Making the main page of a section redirect to first child

Because the new page is located under the Products section, windows authentication is required to access it.