web.config

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

olap - 24 Jun 2004 09:44 GMT

do you know why if i've got an entry in the web.config like this:

<location path="Reportistica/Cruscotto">
<system.web>
<authorization>
<allow users="Domain\MArio"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

it works

instead if i've got an entry like this:

<location path="Reportistica/Cruscotto/OLAP/Page.htm">
<system.web>
<authorization>
<allow users="Domain\MArio"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

it doesn't work, and everyone can access that page?

thx

Reply to this Message

Joe Kaplan \(MVP - ADSI\) - 24 Jun 2004 14:12 GMT

Most likely this is because .htm files are not served by the ASP.NET
runtime, but are served by IIS directly. Therefore, this request never
enters the ASP.NET pipeline and the security is not enforced.

I've seen references on how to set up ASP.NET to handle other types of
requests such as htm and image files. However, you might be better off just
converting this page to an aspx page so you don't have to go through that
hassle.

Joe K.

> do you know why if i've got an entry in the web.config like this:
>
[quoted text clipped - 23 lines]
>
> thx

Reply to this Message

ranganh - 28 Jun 2004 10:09 GMT

Dear Olap,

The htm files are not served by asp.net and are served by IIS itself. To enable security for that page, go to your application's virtual directory.

Go to Properties, Configuration and in the list, click add to add the .htm extension and set the same properties as that of the one's for .aspx which is being listed in the grid.

Once you are done with that, the htm files will be served by asp.net and the security would be enforced.

hope it helps.

> do you know why if i've got an entry in the web.config like this:
>
[quoted text clipped - 23 lines]
>
> thx

Reply to this Message

web.config

Free Magazines