IISPassword v2.1.4 | Size: 3.4MB

IIS password enables password protection for web sites on Microsoft IIS, without having to use Windows System users. It’s the equivalent of htaccess on Apache, except that it’s used on Microsoft IIS.

IISPassword 2.1 Free Edition

Allows up to 3 users per IIS Site to be specified.


IISPassword uses Basic HTTP Authentication for password protecting web sites on IIS, just like htaccess works on Apache. That makes your password protected Apache web site compatible with IIS, and vice versa.

A powerful and intuitive interface makes it possible to password protect a web site in just moments. More advanced settings provide options such as user group management and protection of certain file types.

Main Features


All for free

IISPassword is free for private, educational and commercial use for up to 3 users. Educational / non-profit discounts are available on all our products.

Supported platforms


2.1.4 Release - release date: 05/07/2009

2.1.3 Release - release date: 03/10/2008

2.1.1 Release - release date: 01/09/2008

2.1.0 Release - release date: 01/08/2008

2.0.0 Release - release date: 01/03/2008

1.0.408 Release - release date: 01/26/2005

1.0.407 Release - release date: 01/11/2005

1.0.406 Release - release date: 11/26/2004

1.0.405 Release - release date: 09/10/2004

1.0.404 Release - release date: 08/10/2004

1.0.401 Release - release date: 05/25/2004

Frequently Asked Questions

Q: What does IISPassword do?

A: IISPassword password protects web sites that are hosted on Microsoft IIS, without using system user accounts. IISPassword protects complete web sites, subfolders or even certain files or file types. When trying to access a password protected object, the user is asked to log in through a dialog box, such as the one to the right.

Q: Why should I use IISPassword?

A: IISPassword provides an easy way to protect certain content on web sites. Instead of working with system user accounts, which may be difficult and even a security risk, virtual users are used. Administration is handled through an IIS snap-in or through a command line interface, making integration easy with existing administration solutions based on scripts or applications.

Q: Does IISPassword affect web server performance?

A: IISPassword is a very small application that generates almost no load to the server. The application has been tested in a real hosting environment with about 500 web sites and almost 20,000 requests per hour, without generating any significant load on the processors.

Q: Why does IISPassword use the same way of protection as htaccess?

A:There are two reasons for this. First, it’s simple. By defining security settings using htaccess files, all folders and subfolders can be protected. The second reason is compatibility. Many users hesitate to transfer web sites from Apache to IIS, and vice versa, just because some of the web site content might be password protected. IISPassword enables cross-platform compatibility for these password protected web sites.

Q: With IISPassword, is it possible to protect just certain file types, for example images?

A:Yes, this is possible to set up in the advanced mode of IISPassword. Certain files or file types can be protected by using wildcard definitions.

Q: Is it possible to use IISPassword together with Integrated Windows Authentication?

A: Yes and no. It is possible to use them both, as long as they are not used to protect the same files or folders. IISPassword expects anonymous access to be enabled in order to work properly. It is not possible to use both IISPassword and Integrated Windows Authentication on the same object, due to the internal functionality of HTTP authentication. IIS would simply not know what kind of protection to use.

Q: Does IISPassword work with IIS 6.0 on Windows 2003?

A:Yes, IISPassword is compatible with Windows 2003 and IIS 6.0.

Q: Does IISPassword work with 64bit Windows?

A:Yes, IISPassword is now compatible with Windows 64 bit operating systems (with IIS in 32 or 64 bit modes).