I typically use basic authentication to password protect development or staging sites. The primary reason I password protect dev or staging sites is to block search engines from indexing the site and to stop curious eyes from seeing something before it is ready. I should point out that basic authentication is not very secure and it is not recommended to use this to protect sensitive information but it is adequate for my purposes.

Unlike on-premise IIS, Azure Websites do not provide a module for Basic Authentication. This is because on-premise IIS uses the machine accounts for the user system and you don’t have access to that in Azure Websites. Fortunately it is fairly easy to implement your own basic authentication module or use this one published on GitHub from Devbridge Group.

While it is really simple to setup and the Devbridge article provides a good description of how it works, I thought it would be good to provide the basic steps for implementing this. The Devbridge example is an ASP.NET MVC site, so it may not be clear what parts are needed to make this work for websites built on other technologies. I have tested the following with both a classic Active Server Pages site and a node.js site.

For sites that are not running ASP.NET, add a web.config file with this content:

<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="basicAuth" type="Devbridge.BasicAuthentication.Configuration.BasicAuthenticationConfigurationSection" />
  </configSections>
<basicAuth>
  <credentials>
    <add username="USERNAME" password="PASSWORD"/>
  </credentials>
</basicAuth>
  <system.webServer>
    <modules>
      <add name="MyBasicAuthenticationModule" type="Devbridge.BasicAuthentication.BasicAuthenticationModule"/>
    </modules>
  </system.webServer>
</configuration>

You can change the username and password as desired and add additional username/passwords in the credentials section of the config file. If the site already has a web.config file, you can integrate the above with it.

Next, add a /bin folder and include the Devbridge.BasicAuthentication.dll. DevBridge did not provide the compiled DLL for the Basic Authentication module, so for convenience of those not using Visual Studio, you can download the DLL here. Publish your Azure Website and it will be password protected!