Adding authentication to static Azure Website

Question

We have an Azure Website hosting a static site (just some HTML, CSS, Javascript), which then communicates with our Azure Mobile Services by AJAX calls.

We would like to

Answer 1

A very simple form of authentication with a static username and password can be achieved by leveraging ASP.NET's authentication and authorization, integrated with IIS as described in this article: Apply ASP.NET Authentication and Authorization Rules to Static Content with IIS 7.0's Integrated Pipeline Feature.

Se this sample GitHub project for an example. The relevant pieces of code are this Web.config file that you should place in the root directory (which would be public):

And this Web.config file that you could place in a subdirectory (which would be restricted):

You also need a Login.aspx file with the HTML form and server-side authentication logic. See the Login.aspx in the sample project for an example.

This way you would be able to host both public files at root level and private files at subdirectories. If you want to protect even the root level, just adjust the authorization rules accordingly.

For documentation on configuration options see these MSDN pages:

• authorization Element (ASP.NET Settings Schema)
• allow Element for authorization (ASP.NET Settings Schema)
• deny Element for authorization (ASP.NET Settings Schema)