Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Securing a directory

Reply
Thread Tools

Securing a directory

 
 
Simon Harvey
Guest
Posts: n/a
 
      02-15-2004
Hi everyone,

I just read an article that said that when you use a web.config file to
secure a directory, all it can do is secure the asp.net resources in that
directory - not any non .net resources.
For ecample, image files, html and asp files would not be secured.

I didnt actually realise this and it gave me a bit of a fright! Can anyone
suggest the best way to keep a directory secured in an application using
Forms Authentication.

It's not a problem for me at the moment because I havent made a site that
would be affected, but I'm not really sure how I would ensure a directory
was totally locked down should the need arise.

Thanks to anyone who can help

Kindest Regards

Simon



 
Reply With Quote
 
 
 
 
richlm
Guest
Posts: n/a
 
      02-18-2004
Simon
Yes that is correct - only files with an ASP.NET extension (.aspx, .asmx,...) are processed by the ASP.NET ISAPI extension
Files with .asp extension are processed by traditional ASP and so on.

NTFS permissions will be used for static files such as .jpg .txt etc.

You can see the mappings in the IIS manager - right click on your web site, "properties" then click "configuration" on the virtual directory tab.

Check this article on MSDN for more info:
http://msdn.microsoft.com/library/de...cnetlpMSDN.asp

 
Reply With Quote
 
 
 
 
richlm
Guest
Posts: n/a
 
      02-18-2004
One other thing - you should also run IIS lockdown wizard and install URLscan
You can configure URLscan to reject requests for file types that you don't want to be directly requestable

I run URLScan even in my development environment.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Securing a server side directory Dave Kelly HTML 2 04-19-2009 01:03 AM
Securing a directory and its files with forms authentication Frank ASP .Net Security 1 04-17-2008 05:29 AM
System.IO.Directory.GetDirectories() and System.IO.Directory.GetFiles() are not returning the specified directory Nathan Sokalski ASP .Net 2 09-06-2007 03:58 PM
having trouble securing my wireless laptop FireBrick Wireless Networking 2 08-10-2004 12:37 PM
Securing a directory Simon Harvey ASP .Net 7 02-16-2004 03:19 PM



Advertisments