Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / June 2007

Tip: Looking for answers? Try searching our database.

URL Authorization in ASP.NET 2.0 not working for html and image files

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
pop@flink.dk - 07 Jun 2007 00:54 GMT
Microsoft says that

------------
ASP.NET version 2.0 on Windows Server 2003 protects all files in a
given directory, even those not mapped to ASP.NET, such
as .html, .gif, and .jpg files.
-------------

I have a ASP.NET 2.0 webapp on a 2003 server with the following
Web.Config file

<?xml version="1.0"?>
<configuration>
 <appSettings>
 </appSettings>
    <connectionStrings/>
    <system.web>
        <compilation debug="true"/>
        <authentication mode="Forms"/>
   <authorization>
     <deny users="?"/>
   </authorization>
    </system.web>
</configuration>

Lets say that the app is on the following URL: www.myapp.com.
When I access www.myapp.com/default.aspx I will correctly be
redirected to the Login.aspx page.
But if I try www.myapp.com/pictures/mypicture.jpg the picture is
loaded without requiring login.
Same happens for html pages.

I have checked that the app is running under NET 2.0 in IIS.
I have tried to install on 3 different 2003 servers but with no
difference.

What am I doing wrong?

Hope you can help

Thanks
Reply to this Message
Alexey Smirnov - 07 Jun 2007 20:38 GMT
> Microsoft says that
>
[quoted text clipped - 37 lines]
>
> Thanks

it's true for Windows Authentication.

What type of Authentication do you use?
Reply to this Message
Aion - 10 Jun 2007 01:38 GMT
> <p...@flink.dk> wrote in message
>
[quoted text clipped - 47 lines]
>
> - Vis tekst i anf?rselstegn -

I use Forms Authentication.
But I read somewhare that it should work for both Windows and Forms
Authentication.
Anyway if it was only working for Windows Authentication there where
nothing new since this could be acompliced in .NET 1.1 by setting
directory security in IIS :-)
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.