Re: ASP.Net Web.config security question
- From: "ASP.Net programmer" <me@xxxxxxxx>
- Date: 25 May 2005 14:44:44 GMT
For some *very* annoying reason reason the security settings only work when
an aspx page is requested. The security settings are completely ignored
when an HTML file is requested. Even when I applied the security settings
specifically to the html file!
"ASP.Net programmer" <me@xxxxxxxx> wrote in news:42944b94$0$153
$e4fe514c@xxxxxxxxxxxxxx:
> I have a weird problem securing my ASP.Net application. I know it's
> probably my fault, but I just don't get it to work.
>
> - Anonymous access is disabled on the IIS Server.
> - Integrated Windows security is enabled on the IIS Server.
>
> Web.config (excerpt, slightly edited):
> <?xml version="1.0" encoding="utf-8" ?>
> <configuration>
>
> <location path="admin">
> <system.web>
> <authorization>
> <allow users="Domain\admin_account"/>
> <deny users="*" />
> </authorization>
> </system.web>
> </location>
>
> <system.web>
> <authentication mode="Windows" />
> <authorization>
> <allow roles="Domain\Domain Users" />
> <deny users="*" />
> </authorization>
> </system.web>
> </configuration>
>
> The problem is: I (as a normal user) can access the normal pages as
> expected, but also the admin directory.
>
> I enabled trace and the only status-code for a request is 200. I know
> there also should be a 400 (or 401) for the authentication, but it just
> isn't there.
> The LOGON_USER property of the trace shows my account.
>
> My question is: what did I forget?
.
- Follow-Ups:
- Re: ASP.Net Web.config security question
- From: Patrice
- Re: ASP.Net Web.config security question
- Prev by Date: Office Web Components
- Next by Date: Sockets: Assigning a timeout
- Previous by thread: Office Web Components
- Next by thread: Re: ASP.Net Web.config security question
- Index(es):
Relevant Pages
|
