Saturday, March 24, 2012

Web.config security for non-aspx files

Hi,
We are developing a file repository, and we are using Forms authentication
security.
We dynamically create the Web.config files in each directory and it works
perfectly for aspx files, but it doesn't work for any other file (.zip, .jpg,
.doc, etc) it allows anyone to access them.
For example, a Web.config in a directory is:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<customErrors mode="Off" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
But still allows anyone to access all the files in the directory.
Please help,
Gustavo

Hi,
For such non-ASP.NET resource requests, you should let ASP.NET ISAPI handle
those requests.
The steps to do this are detailed at:
http://www.dotnetjunkies.com/Article/F32DFC79-3AE7-4D9D-BF1D-91B4B6D130C7.dcik
HTH.
"Gustavo De la Espriella" <qq@.qqq.qq.qq> wrote in message
news:Op$SyjVgEHA.3676@.TK2MSFTNGP12.phx.gbl...
> Hi,
> We are developing a file repository, and we are using Forms authentication
> security.
> We dynamically create the Web.config files in each directory and it works
> perfectly for aspx files, but it doesn't work for any other file (.zip, .jpg,
> .doc, etc) it allows anyone to access them.
> For example, a Web.config in a directory is:
> <?xml version="1.0" encoding="utf-8" ?>
> <configuration>
> <system.web>
> <customErrors mode="Off" />
> <authorization>
> <deny users="?" />
> </authorization>
> </system.web>
> </configuration>
> But still allows anyone to access all the files in the directory.
> Please help,
> Gustavo

asp.net can handle only the files IIS delegates to it.
For each file extension (.aspx, .asax, .asmx, etc.) there is a record in
the IIS settings that redirects the query to a certain handler.
You have to add your extension to be handled by the asp.net framework, and
then asp.net will be able to handle it.
Gustavo De la Espriella wrote:

> Hi,
> We are developing a file repository, and we are using Forms authentication
> security.
> We dynamically create the Web.config files in each directory and it works
> perfectly for aspx files, but it doesn't work for any other file (.zip, .jpg,
> .doc, etc) it allows anyone to access them.
> For example, a Web.config in a directory is:
> <?xml version="1.0" encoding="utf-8" ?>
> <configuration>
> <system.web>
> <customErrors mode="Off" />
> <authorization>
> <deny users="?" />
> </authorization>
> </system.web>
> </configuration>
> But still allows anyone to access all the files in the directory.
> Please help,
> Gustavo
>
In addition to the fine suggestions given so far, you could also store the
files in a database or in a private folder and dish them out via your own
code.
Here's more info:
http://msdn.microsoft.com/library/d...tefiletopic.asp
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"Gustavo De la Espriella" <qq@.qqq.qq.qq> wrote in message
news:Op$SyjVgEHA.3676@.TK2MSFTNGP12.phx.gbl...
> Hi,
> We are developing a file repository, and we are using Forms authentication
> security.
> We dynamically create the Web.config files in each directory and it works
> perfectly for aspx files, but it doesn't work for any other file (.zip, .jpg,
> .doc, etc) it allows anyone to access them.
> For example, a Web.config in a directory is:
> <?xml version="1.0" encoding="utf-8" ?>
> <configuration>
> <system.web>
> <customErrors mode="Off" />
> <authorization>
> <deny users="?" />
> </authorization>
> </system.web>
> </configuration>
> But still allows anyone to access all the files in the directory.
> Please help,
> Gustavo
>
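
One way to implement the "private folder, served by your own code" approach from the last reply, as an added example that is not code from the thread. The class name DownloadHandler, the "file" query parameter and the D:\FileRepository path are assumptions; the authentication check mirrors the <deny users="?" /> rule in the question.

```csharp
// Added example, not from the thread. DownloadHandler, the "file" parameter
// and RepositoryRoot are hypothetical names chosen for illustration.
using System;
using System.IO;
using System.Web;

public class DownloadHandler : IHttpHandler
{
    // Assumed location outside the web root, so IIS can never serve it directly.
    private const string RepositoryRoot = @"D:\FileRepository";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Same effect as <deny users="?" />: anonymous callers get nothing.
        // With Forms authentication a 401 becomes a redirect to the login page.
        if (context.User == null || !context.User.Identity.IsAuthenticated)
        {
            context.Response.StatusCode = 401;
            return;
        }

        string requested = context.Request.QueryString["file"];
        string root = Path.GetFullPath(RepositoryRoot);
        string full = null;
        try
        {
            if (!string.IsNullOrEmpty(requested))
                full = Path.GetFullPath(Path.Combine(root, requested));
        }
        catch (Exception) { full = null; } // illegal characters, bad path syntax

        // Canonicalize first, then require the result to stay under the root.
        // This rejects "..\" sequences and absolute paths in the parameter.
        if (full == null
            || !full.StartsWith(root + Path.DirectorySeparatorChar, StringComparison.OrdinalIgnoreCase)
            || !File.Exists(full))
        {
            context.Response.StatusCode = 404;
            return;
        }

        context.Response.ContentType = "application/octet-stream";
        context.Response.AddHeader("Content-Disposition",
            "attachment; filename=\"" + Path.GetFileName(full) + "\"");
        context.Response.TransmitFile(full); // streams without buffering the file in memory
    }
}
```

Because the request is for the handler itself, it always runs inside ASP.NET, so the check applies to .zip, .jpg and .doc files without adding IIS mappings for each extension.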
