URL Authorization in ASP.NET 2.0 not working for html and image files

pop

Microsoft says that

------------
ASP.NET version 2.0 on Windows Server 2003 protects all files in a
given directory, even those not mapped to ASP.NET, such
as .html, .gif, and .jpg files.
-------------

I have a ASP.NET 2.0 webapp on a 2003 server with the following
Web.Config file

<?xml version="1.0"?>
<configuratio n>
<appSettings>
</appSettings>
<connectionStri ngs/>
<system.web>
<compilation debug="true"/>
<authenticati on mode="Forms"/>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</configuration>

Lets say that the app is on the following URL: www.myapp.com.
When I access www.myapp.com/default.aspx I will correctly be
redirected to the Login.aspx page.
But if I try www.myapp.com/pictures/mypicture.jpg the picture is
loaded without requiring login.
Same happens for html pages.

I have checked that the app is running under NET 2.0 in IIS.
I have tried to install on 3 different 2003 servers but with no
difference.

What am I doing wrong?

Hope you can help

Thanks

Jun 6 '07 #1

Subscribe Reply

2247

Alexey Smirnov

<po*@flink.dkwr ote in message
news:11******** **************@ z28g2000prd.goo glegroups.com.. .

Microsoft says that

------------
ASP.NET version 2.0 on Windows Server 2003 protects all files in a
given directory, even those not mapped to ASP.NET, such
as .html, .gif, and .jpg files.
-------------

I have a ASP.NET 2.0 webapp on a 2003 server with the following
Web.Config file

<?xml version="1.0"?>
<configuratio n>
<appSettings>
</appSettings>
<connectionStri ngs/>
<system.web>
<compilation debug="true"/>
<authenticati on mode="Forms"/>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</configuration>

Lets say that the app is on the following URL: www.myapp.com.
When I access www.myapp.com/default.aspx I will correctly be
redirected to the Login.aspx page.
But if I try www.myapp.com/pictures/mypicture.jpg the picture is
loaded without requiring login.
Same happens for html pages.

I have checked that the app is running under NET 2.0 in IIS.
I have tried to install on 3 different 2003 servers but with no
difference.

What am I doing wrong?

Hope you can help

Thanks

it's true for Windows Authentication.

What type of Authentication do you use?

Jun 7 '07 #2

Aion

On 7 Jun., 21:38, "Alexey Smirnov" <alexey.smir... @gmail.comwrote :

<p...@flink.dkw rote in message

news:11******** **************@ z28g2000prd.goo glegroups.com.. .

Microsoft says that

------------
ASP.NET version 2.0 on Windows Server 2003 protects all files in a
given directory, even those not mapped to ASP.NET, such
as .html, .gif, and .jpg files.
-------------

I have a ASP.NET 2.0 webapp on a 2003 server with the following
Web.Config file

<?xml version="1.0"?>
<configuratio n>
<appSettings>
</appSettings>
<connectionStri ngs/>
<system.web>
<compilation debug="true"/>
<authenticati on mode="Forms"/>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</configuration>

Lets say that the app is on the following URL:www.myapp.com.
When I accesswww.myapp .com/default.aspxI will correctly be
redirected to the Login.aspx page.
But if I trywww.myapp.co m/pictures/mypicture.jpgth e picture is
loaded without requiring login.
Same happens for html pages.

I have checked that the app is running under NET 2.0 in IIS.
I have tried to install on 3 different 2003 servers but with no
difference.

What am I doing wrong?

Hope you can help

Thanks

it's true for Windows Authentication.

What type of Authentication do you use?- Skjul tekst i anførselstegn -

- Vis tekst i anførselstegn -

I use Forms Authentication.
But I read somewhare that it should work for both Windows and Forms
Authentication.
Anyway if it was only working for Windows Authentication there where
nothing new since this could be acompliced in .NET 1.1 by setting
directory security in IIS :-)

Jun 10 '07 #3

Similar topics

1719

File Upload and conversion not working

by: Eugene Borukhovich | last post by:

Hello, I just got a client that is running their PHP site on Apache 1.3 with PHP 4.x. The server is very weak and during peak times hangs. I am not a programmer, so having a little dificulty figuring these out.... I am in a process of moving it over to another server, however running into a few things: 1. One of the links is to upload your own logo in a BMP format and the

PHP

4542

Authorization elements in web.config

by: Chris Leffer | last post by:

Hi. I would like to confirm a behaviour in the authorization element from the web.config file. Suppose the following (using Forms authentication): <authorization> <deny users="?" /> <deny users="User1" /> <allow users="User1" /> </authorization>

ASP.NET

3013

Authorization HTML Header going missing

by: Shaun Wilde | last post by:

I am not sure if this is a .NET bug/feature and IIS5 one or a combination of the 2 so here goes I have a situation where when I call an ASP.NET webservice running under windows 2000 (I assume IIS5) with a webservice client also in .NET that the webservice request loses the Authorization HTML header. This DOES NOT happen under Windows 2003. I am using the followng (patch/fix) to preauthenticate the web request (this

ASP.NET

1500

Working with proprietary image formats ...

by: Christopher Kurtis Koeber | last post by:

Dear All, Recently I created a thread about trying to load a particular ICON image that GDI plus could not load. I realized that GDI plus definitely does not support it because it had a certain resolution that is not in any of its built in format libraries. So my question is this, how would I go about working with images that are not in GDI+ native libraries, such as raw camera files (*.RAW, etc.), Pixar's file format, and plenty of other...

Visual Basic .NET

1591

web.config authorization element not working as expected on ASP.NET Development Server

by: J055 | last post by:

Ver. VS2005 Hi I'm using forms authentication and have set the authorization element to deny anonymous users. This works fine except that when I view the login.aspx page as an unauthenticated user I am denied access to non-asp files like css, gif, jpg etc. The only happens on the ASP.NET Development Server and not when I publish to

ASP.NET

1833

authorization problem

by: sonu | last post by:

Mark is creating a website using ASP.NET. He is using Forms authentication for authenticating and authorizing users. He has the following layout of files and directories in his website: Root ....File Manager/ ....Files Employee/

C# / C Sharp

2756

Creating Random Image Authorization

by: tshad | last post by:

I am trying to set up an Image authorization where you type in the value that is in a picture to log on to our site. I found a program that is supposed to do it, but it doesn't seem to work. It should put a blue and yellow box on the page with "This is a test" as part of the picture. But what I get is a broken Gif. The other problem is that I can't view the source???? The view source is disabled for this page. What causes this?

ASP.NET

3289

Php Upload script not working

by: camphor | last post by:

hi, I have found an upload script in hotscripts and have implemented it into the website, I followed the installation steps to 'give write permissions to php on the upload folder (which is _uploadedfiles_xxxx) (php must be allowed to move uploaded files to this folder' - uploadedfiles_xxxx. I typed <?php chmod ('_uploadedfiles_xxxx',640); ?> into notepad and saved it as php in the uploaded_xxxx folder, when I went to test it, the error...

PHP

1347

Authorization Confusion

by: Jonathan Wood | last post by:

I have a subfolder on my Website that contains images. It also contains the web.config file shown below. When I access the site, I get the Login page as expected. But if I type in the URL of an image in the folder that contains images, the image is displayed in the browser. I don't understand why I am not prevented from seeing the contents of this folder since I have not been authenticated. Does it have something to do with the fact...

ASP.NET

8830

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

9370

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

8242

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

6796

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

6074

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4602

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

4874

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

3312

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

2782

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP