The problem is that you aren't passing over file access to the ASP.NET
runtime - this "handoff" occurs based on file extension, which is why
ASP.NET and ASP Classic can co-exist. Your web.config is never touched,
because the ASP.NET handlers are never invoked. You will need to either
protect using file system ACLs (assuming that you are using Windows
authentication) or else simply change the file extension to aspx on these
HTML files.
--
Chris Jackson
Software Engineer
Microsoft MVP - Windows Client
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--
"Anton Sommer" <anton.schamy_no_spam_@arcor.de> wrote in message
news:bprsfq$k15$01$...
> Hello folks,
>
> I have my security stuff set up and it works fine for all aspx files, so a
> user that want to access an aspx file in a certain folder can only access
> them when being logged on correctly. But when putting a normal html file
> into that folder that is only accessible by logged on users, that very
file
> can be accessed by everybody, you don`t need to be logged on.
> So how can I secure these html files from unauthorized access?
>
> Thank you
>
>
> Anton
>
>
Similar Threads
