Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Securing a directory

Thread Tools

Securing a directory

Simon Harvey
Posts: n/a
Hi everyone,

I just read an article that said that when you use a web.config file to
secure a directory, all it can do is secure the resources in that
directory - not any non .net resources.
For ecample, image files, html and asp files would not be secured.

I didnt actually realise this and it gave me a bit of a fright! Can anyone
suggest the best way to keep a directory secured in an application using
Forms Authentication.

It's not a problem for me at the moment because I havent made a site that
would be affected, but I'm not really sure how I would ensure a directory
was totally locked down should the need arise.

Thanks to anyone who can help

Kindest Regards


Reply With Quote
Posts: n/a
Yes that is correct - only files with an ASP.NET extension (.aspx, .asmx,...) are processed by the ASP.NET ISAPI extension
Files with .asp extension are processed by traditional ASP and so on.

NTFS permissions will be used for static files such as .jpg .txt etc.

You can see the mappings in the IIS manager - right click on your web site, "properties" then click "configuration" on the virtual directory tab.

Check this article on MSDN for more info:

Reply With Quote
Posts: n/a
One other thing - you should also run IIS lockdown wizard and install URLscan
You can configure URLscan to reject requests for file types that you don't want to be directly requestable

I run URLScan even in my development environment.
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Securing a server side directory Dave Kelly HTML 2 04-19-2009 01:03 AM
Securing a directory and its files with forms authentication Frank ASP .Net Security 1 04-17-2008 05:29 AM
System.IO.Directory.GetDirectories() and System.IO.Directory.GetFiles() are not returning the specified directory Nathan Sokalski ASP .Net 2 09-06-2007 03:58 PM
having trouble securing my wireless laptop FireBrick Wireless Networking 2 08-10-2004 12:37 PM
Securing a directory Simon Harvey ASP .Net 7 02-16-2004 03:19 PM