Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   web.config (http://www.velocityreviews.com/forums/t766241-web-config.html)

olap 06-24-2004 08:44 AM
web.config
 
do you know why if i've got an entry in the web.config like this:

<location path="Reportistica/Cruscotto">
<system.web>
<authorization>
<allow users="Domain\MArio"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

it works

instead if i've got an entry like this:


<location path="Reportistica/Cruscotto/OLAP/Page.htm">
<system.web>
<authorization>
<allow users="Domain\MArio"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

it doesn't work, and everyone can access that page?


thx

Joe Kaplan \(MVP - ADSI\) 06-24-2004 01:12 PM
Re: web.config
 
Most likely this is because .htm files are not served by the ASP.NET
runtime, but are served by IIS directly. Therefore, this request never
enters the ASP.NET pipeline and the security is not enforced.

I've seen references on how to set up ASP.NET to handle other types of
requests such as htm and image files. However, you might be better off just
converting this page to an aspx page so you don't have to go through that
hassle.

Joe K.

"olap" <mario.perrino@accenture.com> wrote in message
news:uACh4ecWEHA.3640@TK2MSFTNGP11.phx.gbl...
> do you know why if i've got an entry in the web.config like this:
>
> <location path="Reportistica/Cruscotto">
> <system.web>
> <authorization>
> <allow users="Domain\MArio"/>
> <deny users="*"/>
> </authorization>
> </system.web>
> </location>
>
> it works
>
> instead if i've got an entry like this:
>
>
> <location path="Reportistica/Cruscotto/OLAP/Page.htm">
> <system.web>
> <authorization>
> <allow users="Domain\MArio"/>
> <deny users="*"/>
> </authorization>
> </system.web>
> </location>
>
> it doesn't work, and everyone can access that page?
>
>
> thx
>
>

ranganh 06-28-2004 09:09 AM
RE: web.config
 
Dear Olap,

The htm files are not served by asp.net and are served by IIS itself. To enable security for that page, go to your application's virtual directory.

Go to Properties, Configuration and in the list, click add to add the .htm extension and set the same properties as that of the one's for .aspx which is being listed in the grid.

Once you are done with that, the htm files will be served by asp.net and the security would be enforced.

hope it helps.

"olap" wrote:

> do you know why if i've got an entry in the web.config like this:
>
> <location path="Reportistica/Cruscotto">
> <system.web>
> <authorization>
> <allow users="Domain\MArio"/>
> <deny users="*"/>
> </authorization>
> </system.web>
> </location>
>
> it works
>
> instead if i've got an entry like this:
>
>
> <location path="Reportistica/Cruscotto/OLAP/Page.htm">
> <system.web>
> <authorization>
> <allow users="Domain\MArio"/>
> <deny users="*"/>
> </authorization>
> </system.web>
> </location>
>
> it doesn't work, and everyone can access that page?
>
>
> thx
>
>
>


All times are GMT. The time now is 07:36 PM.

Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.