Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > URL Authorization in ASP.NET 2.0 not working for html and image files

Reply
Thread Tools

URL Authorization in ASP.NET 2.0 not working for html and image files

 
 
pop@flink.dk
Guest
Posts: n/a
 
      06-06-2007
Microsoft says that

------------
ASP.NET version 2.0 on Windows Server 2003 protects all files in a
given directory, even those not mapped to ASP.NET, such
as .html, .gif, and .jpg files.
-------------

I have a ASP.NET 2.0 webapp on a 2003 server with the following
Web.Config file

<?xml version="1.0"?>
<configuration>
<appSettings>
</appSettings>
<connectionStrings/>
<system.web>
<compilation debug="true"/>
<authentication mode="Forms"/>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>

Lets say that the app is on the following URL: www.myapp.com.
When I access www.myapp.com/default.aspx I will correctly be
redirected to the Login.aspx page.
But if I try www.myapp.com/pictures/mypicture.jpg the picture is
loaded without requiring login.
Same happens for html pages.

I have checked that the app is running under NET 2.0 in IIS.
I have tried to install on 3 different 2003 servers but with no
difference.

What am I doing wrong?

Hope you can help

Thanks

 
Reply With Quote
 
 
 
 
Alexey Smirnov
Guest
Posts: n/a
 
      06-07-2007

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Microsoft says that
>
> ------------
> ASP.NET version 2.0 on Windows Server 2003 protects all files in a
> given directory, even those not mapped to ASP.NET, such
> as .html, .gif, and .jpg files.
> -------------
>
> I have a ASP.NET 2.0 webapp on a 2003 server with the following
> Web.Config file
>
> <?xml version="1.0"?>
> <configuration>
> <appSettings>
> </appSettings>
> <connectionStrings/>
> <system.web>
> <compilation debug="true"/>
> <authentication mode="Forms"/>
> <authorization>
> <deny users="?"/>
> </authorization>
> </system.web>
> </configuration>
>
> Lets say that the app is on the following URL: www.myapp.com.
> When I access www.myapp.com/default.aspx I will correctly be
> redirected to the Login.aspx page.
> But if I try www.myapp.com/pictures/mypicture.jpg the picture is
> loaded without requiring login.
> Same happens for html pages.
>
> I have checked that the app is running under NET 2.0 in IIS.
> I have tried to install on 3 different 2003 servers but with no
> difference.
>
> What am I doing wrong?
>
> Hope you can help
>
> Thanks
>


it's true for Windows Authentication.

What type of Authentication do you use?


 
Reply With Quote
 
 
 
 
Aion
Guest
Posts: n/a
 
      06-10-2007
On 7 Jun., 21:38, "Alexey Smirnov" <(E-Mail Removed)> wrote:
> <(E-Mail Removed)> wrote in message
>
> news:(E-Mail Removed) oups.com...
>
>
>
>
>
> > Microsoft says that

>
> > ------------
> > ASP.NET version 2.0 on Windows Server 2003 protects all files in a
> > given directory, even those not mapped to ASP.NET, such
> > as .html, .gif, and .jpg files.
> > -------------

>
> > I have a ASP.NET 2.0 webapp on a 2003 server with the following
> > Web.Config file

>
> > <?xml version="1.0"?>
> > <configuration>
> > <appSettings>
> > </appSettings>
> > <connectionStrings/>
> > <system.web>
> > <compilation debug="true"/>
> > <authentication mode="Forms"/>
> > <authorization>
> > <deny users="?"/>
> > </authorization>
> > </system.web>
> > </configuration>

>
> > Lets say that the app is on the following URL:www.myapp.com.
> > When I accesswww.myapp.com/default.aspxI will correctly be
> > redirected to the Login.aspx page.
> > But if I trywww.myapp.com/pictures/mypicture.jpgthe picture is
> > loaded without requiring login.
> > Same happens for html pages.

>
> > I have checked that the app is running under NET 2.0 in IIS.
> > I have tried to install on 3 different 2003 servers but with no
> > difference.

>
> > What am I doing wrong?

>
> > Hope you can help

>
> > Thanks

>
> it's true for Windows Authentication.
>
> What type of Authentication do you use?- Skjul tekst i anførselstegn -
>
> - Vis tekst i anførselstegn -


I use Forms Authentication.
But I read somewhare that it should work for both Windows and Forms
Authentication.
Anyway if it was only working for Windows Authentication there where
nothing new since this could be acompliced in .NET 1.1 by setting
directory security in IIS

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Authorization not working as expected las@labapps.com ASP .Net 1 08-17-2006 07:57 PM
URL Authorization does not override File Authorization? SeanRW ASP .Net Security 1 05-25-2006 06:18 AM
web.config authorization element not working as expected on ASP.NET Development Server J055 ASP .Net 1 03-13-2006 02:28 AM
Problem using AzMan url Authorization and HttpHandler =?Utf-8?B?UmVuem8=?= ASP .Net 1 03-24-2005 05:53 PM
Re: Authentication/Authorization not working Curt_C [MVP] ASP .Net 3 04-20-2004 12:43 AM



Advertisments