All About ASP.NET and ASP.NET Core 2 Hosting BLOG

Tutorial and Articles about ASP.NET and the latest ASP.NET Core

ASP.NET 4.5 Hosting :: How to Password-Protect Web Pages Using .htaccess Files

clock September 13, 2013 07:34 by author Mike

A .htaccess file (pronounced ‘dot aitch tee access’ or simply ‘aitch tee access’) is aspecial configuration file used on web servers running the Apache httpd web server software. When someone visits a page that is sitting in a directory alongside, or in the same branch as, a .htaccess file then that configuration file will be loaded by the server and processed.

.htaccess files are used to reconfigure the web server without needing to restart it. These files can be used to enable or disable additional functionality and features, such as creating redirects, disabling directory listings and password protecting directories.

If you want to password protect some of your web pages, then you need to use a .htaccess file with a .htpasswd password file. This tutorial will tell you step-by-step what you need to do.

Step By Step Instructions
Let's suppose you want to restrict files in a directory called members to username memberone with password memberonepassword. Here's what to do:
1. Create a file called .htaccess in directory members that looks like this:

AuthType Basic
AuthName "Restricted access"
AuthUserFile /home/USERNAME/.htpasswd
require valid-user


  • In the AuthUserFile line, replace USERNAME with your ftp username.
  • The .htaccess file must be an ASCII text document.
  • A .htaccess file can be created in any word processor but must be saved as text only.
  • IF you upload your .htaccess file via FTP, the FTP client must be set to ASCII mode for transfer.
  • For security reasons, the .htaccess file on the server cannot be seen in a directory listing. If you don't see it after uploading it, don't worry.
    Also note that AuthName can be anything you want. The AuthName field gives the Realm name for which the protection is provided. This name is usually given when a browser prompts for a password, and is also usually used by a browser in correlation with the URL to save the password information you enter so that it can authenticate automatically on the next challenge.

2. Use the htpasswd command, from your home directory, to create a password file called .htpasswd in your home directory:
SSH to your home directory. This is simply done by connecting with your SSH client and NOT entering any path, and NOT changing directories after connecting. After connecting to your home directory via SSH, enter:

# htpasswd -c .htpasswd memberone

Type the password -- memberonepassword -- twice as instructed.
3. That's the setup done. Now test by trying to access a file in the directory members; your browser should demand a username and password, and not give you access to the file if you don't enter memberone and memberonepassword.

Multiple Usernames/Passwords

If you want to give access to a directory to more than one username/password pair, follow the steps above to create the .htaccess file and to create the .htpasswd file with one user. Then, add additional users to the .htpasswd file by using the htpasswd command without the -c:

# htpasswd .htpasswd membertwo
New password:
Re-type new password:
Adding password for user membertwo

Changing Passwords

If you want to change the password for an existing user, simply issue the same command as when you added the user. You will then be prompted for a new password. For example, if the user membertwo already exists and you want to change the password, just SSH to your home directory and enter:

# htpasswd .htpasswd membertwo

Password Protecting Multiple Directories
If you want to password protect multiple directories, and allow all users access to all password protected directories, then all you need to do is put the same .htaccess file in each directory that you want to password protect.

However, if you want to password protect multiple directories, and only allow certain users access to each directory, then you can create a different password file (all in your home directory) for each password protected directory.

Let's say you have 3 different directories (members, admins, board) you want password protected, and each one has a different set of users that you want to allow access. Then just do the following:

Create three .htaccess files and put them in their appropriate directory:

AuthType Basic
AuthName "Restricted access"
AuthUserFile /home/USERNAME/.htpasswd.members
require valid-user
AuthType Basic
AuthName "Restricted access"
AuthUserFile /home/USERNAME/.htpasswd.admins
require valid-user
AuthType Basic
AuthName "Restricted access"
AuthUserFile /home/USERNAME/.htpasswd.board
require valid-user

Remember to replace USERNAME with your ftp username (in lower case).

Create three .htpasswd files in your home directory:

# htpasswd -c .htpasswd.members memberone
# htpasswd -c .htpasswd.admins adminone
# htpasswd -c .htpasswd.board boardmemberone

That's it. Now when you need to add a user to one of the directories, just issue the htpasswd command on the appropriate .htpasswd file.

ASP.NET 4.5 Hosting :: How to Writing HTTP Handler in IIS 7.5

clock September 4, 2013 05:46 by author Mike

A handler is associated with a particular type resource. It may be mapped to only a given resource. Handler mappings may also be restricted by a Http verb which means you may want to only work with GET requests ( for example if you Http handler is only supposed to send back images) or a POST request ( for example if you collect some data on the given handler).

We should code a custom Http handler if and only if the resource type to be accessed is fairly customized and is a separate entity on you system The Http response generation logic weather visible or not is very different from a regular aspx pages. In these cases it should be observed that the request should not be part of a page lifecycle.

With IIS 7.5 and beyond it is being tried that as far as possible the config definition should be available in the web.config file of an ASP.NET web site. Handlers can be configured using the IIS wizard or by directly editing the web.config file.

This article describes how handlers are to be written and configured in IIS 7.5.

Any managed http handler implements the IHTTPHandler interface.

public class TextHandler :IHttpHandler

The Http handler has a very important property IsReusable. The purpose of this property is to define if the instance of the Http handler can be shared or not. The IsReusable property should return true if and only is there is no field in the handler which can define the state. If we make IsReusable as false then the performance is slower.

bool IHttpHandler.IsReusable{
get { return true; }


The other method of interest is Process request, the objective of this method is to generate any valid Http response (not html response).

void IHttpHandler.ProcessRequest(HttpContext context)

StringBuilder htmlText = new StringBuilder();
htmlText.Append("Sample Text");

Configuration of Http handlers follows similar mechanism as modules. Handlers can be configured by using web.config or using the IIS manager. If you use web.config, you can use listing below.

<add name="TextHandler" path="*.Text" verb="*" type="TextHandler" resourceType="Unspecified" preCondition="integratedMode" />

In the system.webServer section add a handlers section. In this add a new handler. The name is a unique name for the handler. The path contains the path on the server. It can be wild card or an absolute path. In this example the value can be *.Text or Static.Text. The value of verb can be * or a comma separated set of verbs such as GET, POST, PUT, DELETE or any verbs used for this handler.

The type is the fully qualified name of the class in which the handler code is written. It should be noted that a precondition here is integratedMode.

If you use IIS Manager, follow steps below.

1. Open IIS Manager
2. Expand the node of your web application
3. Open the Handler Mapping feature


4. Click on Add managed handler


5. Add the various values


6. Click on request restrictions and add values for verbs


Some pitfalls

  1. Session is not available: The HttpSessionState is a module in itself hence we should ensure that when creating a module we will not have access to Http Session.
  2. Http request is read only: The various elements of the Http request such as query strings in modules are readonly. It should be noted that the url is not read only and you can create modules for Url rewrite.
  3. Http handler IsReusable: The IsReusable property is a death trap for the novice programmer. Great care should be taken to decide the value of IsReusable. It should be noted that as far as possible we should try to keep our handler stateless in interest of performance.

Cheap ASP.NET 4.5 Hosting

We’re a company that works differently to most. Value is what we output and help our customers achieve, not how much money we put in the bank. It’s not because we are altruistic. It’s based on an even simpler principle. "Do good things, and good things will come to you".

Success for us is something that is continually experienced, not something that is reached. For us it is all about the experience – more than the journey. Life is a continual experience. We see the Internet as being an incredible amplifier to the experience of life for all of us. It can help humanity come together to explode in knowledge exploration and discussion. It is continual enlightenment of new ideas, experiences, and passions

Author Link

 photo ahp banner aspnet-01_zps87l92lcl.png


Corporate Address (Location)

170 W 56th Street, Suite 121
New York, NY 10019
United States

Tag cloud

Sign in