DotNetNewsgroup.com  
web access to complete list of Microsoft.NET newsgroups
start date: Wed, 20 Jun 2007 11:24:52 -0400,    posted on: microsoft.public.dotnet.framework.aspnet.security

Thread Index
  1    Jason Titcomb
          2    Dominick Baier


Restricting access to sub folders and files.   
Hello All,
I would like to restrict access to a folder and all its sub-folders and 
files.
Using VS2005, ASP.NET 2.0, Forms Authentication, IIS6

The web.config in the root of the site has the following in the config and 
it works.
It redirects a new user to the login page just fine.
<location path="Movies.aspx">
 <system.web>
  <authorization>
   <deny users="?"/>
  </authorization>
 </system.web>
</location>

The Movies.aspx renders available movies to watch depending on the 
querystring.
The trouble is that after watching the movie the user can see the URL to 
the movie.
If the user accesses the movie url directly it will bypass the 
authentication.
I would like to have the location in the web.config specify a folder, 
sub-folders and all files.

I tried creating a web.config in the Movies folder as follows.
<configuration>
  <location>
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>
It seems that the documentation said that if the location did not specify a 
path it would imply all child folders.
This does not work for me.
Any help would be appreciated.
Jason
Date:Wed, 20 Jun 2007 11:24:52 -0400   Author:  

Re: Restricting access to sub folders and files.   
http://www.leastprivilege.com/ProtectingNonASPNETResourcesWithASPNET20.aspx


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)


> Hello All,
> I would like to restrict access to a folder and all its sub-folders
> and
> files.
> Using VS2005, ASP.NET 2.0, Forms Authentication, IIS6
> The web.config in the root of the site has the following in the config
> and
> it works.
> It redirects a new user to the login page just fine.
> <location path="Movies.aspx">
> <system.web>
> <authorization>
> <deny users="?"/>
> </authorization>
> </system.web>
> </location>
> The Movies.aspx renders available movies to watch depending on the
> querystring.
> The trouble is that after watching the movie the user can see the
> URL to
> the movie.
> If the user accesses the movie url directly it will bypass the
> authentication.
> I would like to have the location in the web.config specify a folder,
> sub-folders and all files.
> I tried creating a web.config in the Movies folder as follows.
> <configuration>
> <location>
> <system.web>
> <authorization>
> <allow users="?"/>
> </authorization>
> </system.web>
> </location>
> </configuration>
> It seems that the documentation said that if the location did not
> specify a
> path it would imply all child folders.
> This does not work for me.
> Any help would be appreciated.
> Jason
Date:Wed, 20 Jun 2007 16:19:04 +0000 (UTC)   Author:  
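
An added example, not part of either post and not taken from the linked article: a root web.config fragment that extends the working Movies.aspx rule to the whole Movies folder, next to the page-only rule from the question. It assumes Forms Authentication is already configured elsewhere in the same file, as the original post describes, and that the movie files sit under a folder named Movies.

```xml
<?xml version="1.0"?>
<!-- Added example: fragment of the site's root web.config. -->
<configuration>

  <!-- Rule from the original post: protects the page only.
       A direct request for a file under Movies/ is not covered by it. -->
  <location path="Movies.aspx">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

  <!-- Folder rule: a path that names a directory applies to that directory
       and its sub-folders. "?" means anonymous users, so deny (not allow)
       is what forces the redirect to the login page. -->
  <location path="Movies">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

  <!-- Equivalent alternative: a web.config placed inside Movies/ with the
       same authorization element directly under system.web; no location
       wrapper is needed there.

       IIS6 caveat: URL authorization runs only for requests that IIS hands
       to ASP.NET (aspnet_isapi.dll). Static movie files are served by IIS
       itself unless their extension is mapped to ASP.NET in the
       application's script mappings, so without that mapping these rules
       never see a direct request for a movie file. -->
</configuration>
```

A way to check the result is to request a movie URL directly from a browser session with no authentication cookie: the response should be a redirect to the login page, not the file.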
