Hi there!
I am using VS 2005 beta for developing my new web application.
I have a security issue, that I don't know if it is wrong by me, an IIS6 problem or an VS beta problem.
I have a web application where the first page is public and IIS is set up with Anonymous login enabled and Integrated Windows authentication.
All other pages is placed under a folder called Protected created from VS.
My web.config looks like this (shrinked):
<system.web>
<authenticati on mode="Windows"/>
</system.web>
<location path="Protected ">
<system.web>
<authorizatio n>
<allow users="projdev\ prospects"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
The problem is that I CAN browse all .htm pages under the folder Protected. The pages named .aspx is protected as they should.
Is it not "allowed" to use .htm pages in my app, or am I doing something wrong?
Regards Magnus 2 1352
Magnus Blomberg wrote: Hi there!
I am using VS 2005 beta for developing my new web application. I have a security issue, that I don't know if it is wrong by me, an IIS6 problem or an VS beta problem.
I have a web application where the first page is public and IIS is set up with Anonymous login enabled and Integrated Windows authentication. All other pages is placed under a folder called Protected created from VS. My web.config looks like this (shrinked):
<system.web> <authenticati on mode="Windows"/> </system.web> <location path="Protected "> <system.web> <authorizatio n> <allow users="projdev\ prospects"/> <deny users="*"/> </authorization> </system.web> </location>
The problem is that I CAN browse all .htm pages under the folder Protected. The pages named .aspx is protected as they should.
Is it not "allowed" to use .htm pages in my app, or am I doing something wrong?
Regards Magnus
..htm and .html files are not handles by the asp(.net) parser so you can
request them without a problem.
To change this: rename the files to .aspx or let the htm(l) files being
parsed.
--
//Rutger DoDotNet@KICKTH IS_Gmail.com www.RutgerSmit.com
Ok, then I know. I will rename them.
Thanks
Regards Magnus
"Rutger Smit" <DoDotNet@KICKT HIS_Gmail.com> wrote in message
news:#S******** ******@TK2MSFTN GP15.phx.gbl... Magnus Blomberg wrote:
Hi there!
I am using VS 2005 beta for developing my new web application. I have a security issue, that I don't know if it is wrong by me, an IIS6 problem or an VS beta problem.
I have a web application where the first page is public and IIS is set up with Anonymous login enabled and Integrated Windows authentication. All other pages is placed under a folder called Protected created from
VS. My web.config looks like this (shrinked):
<system.web> <authenticati on mode="Windows"/> </system.web> <location path="Protected "> <system.web> <authorizatio n> <allow users="projdev\ prospects"/> <deny users="*"/> </authorization> </system.web> </location>
The problem is that I CAN browse all .htm pages under the folder Protected. The pages named .aspx is protected as they should.
Is it not "allowed" to use .htm pages in my app, or am I doing something wrong?
Regards Magnus
.htm and .html files are not handles by the asp(.net) parser so you can request them without a problem.
To change this: rename the files to .aspx or let the htm(l) files being parsed.
--
//Rutger
DoDotNet@KICKTH IS_Gmail.com www.RutgerSmit.com This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Fran Tirimo |
last post by:
I am developing a small website using ASP scripts to format data retrieved
from an Access database. It will run on a Windows 2003 server supporting
FrontPage extensions 2002 hosted by the company 1&1 with only limited server
configuration via a web based control panel.
My query relates to the ASP security model and how it relates to FrontPage
options for setting file access on a database file. If you know of any
online documentation...
|
by: Champika Nirosh |
last post by:
Hi All,
I am developing a Content Repository to store some html pages (htmls have
some embadded resources such as images)
I keep all the html files and their resources away form the wwwroot, when a
logged-in user requested for a particular html page.. I get the location of
that html file from the DB and send it to the user while copying all the
embadded resources belong to this file in to another temp folder in wwwroot.
I re-write all...
|
by: Craig Buchanan |
last post by:
I'm building an application that uses a folder and object heirarchy
metaphor. I would like to be able to set access rights generically (at the
folder) or specifically (for the object) for groups or individuals. I would
also like to be able to 'inherit' rights from parent folders to child
folders.
Has anyone seen any examples of how this might be done or suggest an
approach?
Thanks,
|
by: Remco |
last post by:
Hi,
I'm working on a secure webportal, a simple representation of my folders:
Root
->Users
->Admins
->Printing
If somebody attempts to access a sub folder he or she will be redirected to
|
by: Joseph Geretz |
last post by:
I'm having a credentialing problem in my web application. Actually, I don't
think this is an IIS security issue, since I'm able to access the page I'm
requesting. However, the executing page itself is not able to access a
specific network resource and I just can't figure out why. First of all, let
me say this worked fine with IIS running on Win2000 Server. This has not
worked since I upgraded to Windows Server 2003.
My Platform: Windows...
| |
by: Vayse |
last post by:
Hi
On the company server, there is a folder for each client. This folder should
be named after the Clients 6 digiit ID.
At the moment, the folders are created manually by users. Of course, this
leads to errors.
So I'd like to write a program that creates the folder. Just use
My.Computer.FileSystem.CreateDirectory will work fine, except for one issue.
I want to change the permissions on the server so that users can't create
folders...
|
by: markrawlingson |
last post by:
Hey guys,
Having a bit of a complicated issue here so please bare with me while I explain. I'm also not a system admin and don't know a whole lot about IIS, so i apologize in advance.
I discovered this morning an inconsitency within the application pools of our website. Basically, we have a maze of cluttered folders and other gargabe within the website - with one main folder, called /secured/ running from the root of the website, which...
|
by: yawnmoth |
last post by:
A particular web hosting company decided to install phpsuexec on all
their webservers, citing security considerations. My question is...
is it really more secure?
Without phpsuexec, if a PHP script is to create new files, public
write permission needs to be enabled on the particular directory since
PHP is ran as user 'nobody'.
With phpsuexec, however, that's not needed. phpsuexec runs as the
root user.
|
by: transpar3nt |
last post by:
Hello all, first time poster, long time reader. I have been studying
PHP and web development for a while now but have never taken on a paid
project with it until now. I have been asked by a dermatology clinic
to redesign their website with a portion that allows the patient to
create an account with the site and enter their personal information
so it is ready for the doctors to access when the patient arrives for
a check up.
My concern...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |