I am attempting to enable Basic Authentication in order to require credentials before viewing a development episerver site. For a non-epi site I would just disable Anonymous Authentication and enable Basic Authentication in IIS. When I do this for my Epi site I get an IIS error indicating that the request querystring is too long. This is due to Epi getting stuck in a redirect loop to the login page. After some searching, I attempted to enable episerver.basicAuthentication instead. I did this by adding the following to my Web.config:
1. Adding a <configSection> for <section name="episerver.basicAuthentication" type="EPiServer.Configuration.BasicAuthenticationSection, EPiServer.Configuration" />
2. Adding a <system.webServer><module> for <add name="BasicAuthentication" type="EPiServer.Security.BasicAuthentication, EPiServer" />
3. Adding <episerver.basicAuthentication basicRealm="" sendBasicChallenge="true" /> to the top level node
After doing this, nothing new happens and the site is still accessible without credentials. What am I missing? Please let me know if I can provide any more information.
Thanks