Re: Deny access to htm files
From: MWells (outbound__at_sygnal.com)
Date: 01/13/05
- Next message: Hans Kesting: "Re: ASP "no right" error"
- Previous message: Damien: "Re: Deny access to htm files"
- In reply to: Brian Linden: "Deny access to htm files"
- Next in thread: Brian Linden: "Re: Deny access to htm files"
- Reply: Brian Linden: "Re: Deny access to htm files"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 13 Jan 2005 22:31:31 +1300
Brian, I'm reading your question a little differently than Joyit and
Patrick, so I'll comment in case it helps.
If I understand your question, you'd like to know how to ensure that a
request for a .htm file forces a Forms Authentication login in the same way
that a request for a .aspx file does.
When a Url request is processed by IIS, a decision is made regarding who
gets to process it. This is done (rather frustratingly) based on the
extension of the Url.
Files ending in ".aspx" are processed by .NET, while other files like
".gif", ".jpeg", ".html" are processed directly by IIS.
Because Forms Authentication is a .NET feature, requests that bypass .NET
are not covered by the Forms Authentication security scheme.
As usual, there are a number of ways to handle this but the easiest way is
to make a list of all the file types you want protected by Forms
Authentication, and then configure IIS to pass all of these through .NET.
In the IIS Manager;
+ Pick your website
+ Right-click, properties; the property dialog appears
+ Select the "Home Directory" tab
+ Click the "Configuration" button; the "Application Configuration" dialog
appears
+ Select the "Mappings" tab
You'll see a list of Application extensions, with mappings to specific
handlers. For example,
".aspx" is mapped to;
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
Check yours, it will contain the correct path to the aspnet_isapi.dll, which
is what you want.
Now go to all of the file types you need, such as .htm, .gif, .jpeg, .jpg,
and Edit their mappings to the same value. You may need to Add some entries
for certain file types as well.
Cheers,
/// M
"Brian Linden" <brian@ineedadip.com> wrote in message
news:#no8teQ#EHA.2180@TK2MSFTNGP12.phx.gbl...
> I have a web application using forms authentication and everything seemed
to
> be working fine, as far as requiring them to login.
>
> But then I noticed that you could type in:
> http://domain.com/restrictefolder/test.htm
>
> How do I deny access to a folder full of .htm files that I don't want them
> to read unless they have logged in?
>
>
- Next message: Hans Kesting: "Re: ASP "no right" error"
- Previous message: Damien: "Re: Deny access to htm files"
- In reply to: Brian Linden: "Deny access to htm files"
- Next in thread: Brian Linden: "Re: Deny access to htm files"
- Reply: Brian Linden: "Re: Deny access to htm files"
- Messages sorted by: [ date ] [ thread ]
