By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,515 Members | 1,339 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,515 IT Pros & Developers. It's quick & easy.

Web.Config and Virtual Directory

P: n/a
We have a intranet site that allows one of our departments to search a set
of pdfs and then look at them. Only problem is that only they and us geeks
should be allowed to see the pdfs. We have it locked down except for when a
person directly types in the url to a pdf. Currently, the PDFs are in a
virtual directory off the root of the server. Putting it under the search
site also doesn't work. My understanding is that IIS looks as the virtual
directory as a separate site and will not carry web.config settings down to
it. Putting a web.config in the virtual directory directly doesn't work
either. How do I secure this virtual directory so only certain users can
get to the pdfs?

Scott

Nov 18 '05 #1
Share this Question
Share on Google+
10 Replies


P: n/a
This is not an ASP.NET issue, but an IIS one.

Use IIS security to authenticate users for this virtual directory. That
means you have to disable anonymous access.

Jeffrey Palermo

"Wm. Scott Miller" <Sc**********@spam.killer.wvinsurance.gov> wrote in
message news:O8****************@TK2MSFTNGP10.phx.gbl...
We have a intranet site that allows one of our departments to search a set
of pdfs and then look at them. Only problem is that only they and us geeks should be allowed to see the pdfs. We have it locked down except for when a person directly types in the url to a pdf. Currently, the PDFs are in a
virtual directory off the root of the server. Putting it under the search
site also doesn't work. My understanding is that IIS looks as the virtual
directory as a separate site and will not carry web.config settings down to it. Putting a web.config in the virtual directory directly doesn't work
either. How do I secure this virtual directory so only certain users can
get to the pdfs?

Scott

Nov 18 '05 #2

P: n/a
IIS is set to Windows Authentication with all other methods disabled.

Scott

"Jeffrey Palermo" <je************@yahoo.com> wrote in message
news:OP*************@TK2MSFTNGP09.phx.gbl...
This is not an ASP.NET issue, but an IIS one.

Use IIS security to authenticate users for this virtual directory. That
means you have to disable anonymous access.

Jeffrey Palermo

"Wm. Scott Miller" <Sc**********@spam.killer.wvinsurance.gov> wrote in
message news:O8****************@TK2MSFTNGP10.phx.gbl...
We have a intranet site that allows one of our departments to search a set of pdfs and then look at them. Only problem is that only they and us geeks
should be allowed to see the pdfs. We have it locked down except for when a
person directly types in the url to a pdf. Currently, the PDFs are in a
virtual directory off the root of the server. Putting it under the

search site also doesn't work. My understanding is that IIS looks as the virtual directory as a separate site and will not carry web.config settings down

to
it. Putting a web.config in the virtual directory directly doesn't work
either. How do I secure this virtual directory so only certain users can get to the pdfs?

Scott


Nov 18 '05 #3

P: n/a
In this case, I'm assuming you are using AD, and these people's windows
accounts have access to these files. Use NTFS security on the folder and
take out "Everyone" if it's there. Fix the NTFS permissions on the folder
with the restricted files so that only appropriate users have access. This
may be a job for your server administrator depending on how your
organization is set up.

Jeffrey Palermo

"Wm. Scott Miller" <Sc**********@spam.killer.wvinsurance.gov> wrote in
message news:OC**************@TK2MSFTNGP11.phx.gbl...
IIS is set to Windows Authentication with all other methods disabled.

Scott

"Jeffrey Palermo" <je************@yahoo.com> wrote in message
news:OP*************@TK2MSFTNGP09.phx.gbl...
This is not an ASP.NET issue, but an IIS one.

Use IIS security to authenticate users for this virtual directory. That
means you have to disable anonymous access.

Jeffrey Palermo

"Wm. Scott Miller" <Sc**********@spam.killer.wvinsurance.gov> wrote in
message news:O8****************@TK2MSFTNGP10.phx.gbl...
We have a intranet site that allows one of our departments to search a set of pdfs and then look at them. Only problem is that only they and us

geeks
should be allowed to see the pdfs. We have it locked down except for when
a
person directly types in the url to a pdf. Currently, the PDFs are in a virtual directory off the root of the server. Putting it under the search site also doesn't work. My understanding is that IIS looks as the virtual directory as a separate site and will not carry web.config settings down to
it. Putting a web.config in the virtual directory directly doesn't
work either. How do I secure this virtual directory so only certain users

can get to the pdfs?

Scott



Nov 18 '05 #4

P: n/a
The actual folder is a network share on another server (IIS box has very
limited HD space). This appears to cause issues because when setting up the
virtual directory, IIS demands a username/password to access the share. How
can we make IIS use the credentials of the user to access the files instead
of a supplied username/password?

Scott

"Jeffrey Palermo" <je************@yahoo.com> wrote in message
news:u6**************@TK2MSFTNGP09.phx.gbl...
In this case, I'm assuming you are using AD, and these people's windows
accounts have access to these files. Use NTFS security on the folder and
take out "Everyone" if it's there. Fix the NTFS permissions on the folder
with the restricted files so that only appropriate users have access. This may be a job for your server administrator depending on how your
organization is set up.

Jeffrey Palermo

"Wm. Scott Miller" <Sc**********@spam.killer.wvinsurance.gov> wrote in
message news:OC**************@TK2MSFTNGP11.phx.gbl...
IIS is set to Windows Authentication with all other methods disabled.

Scott

"Jeffrey Palermo" <je************@yahoo.com> wrote in message
news:OP*************@TK2MSFTNGP09.phx.gbl...
This is not an ASP.NET issue, but an IIS one.

Use IIS security to authenticate users for this virtual directory. That means you have to disable anonymous access.

Jeffrey Palermo

"Wm. Scott Miller" <Sc**********@spam.killer.wvinsurance.gov> wrote in
message news:O8****************@TK2MSFTNGP10.phx.gbl...
> We have a intranet site that allows one of our departments to search a
set
> of pdfs and then look at them. Only problem is that only they and
us geeks
> should be allowed to see the pdfs. We have it locked down except
for when
a
> person directly types in the url to a pdf. Currently, the PDFs are
in
a > virtual directory off the root of the server. Putting it under the

search
> site also doesn't work. My understanding is that IIS looks as the

virtual
> directory as a separate site and will not carry web.config settings down to
> it. Putting a web.config in the virtual directory directly doesn't work > either. How do I secure this virtual directory so only certain

users can
> get to the pdfs?
>
> Scott
>
>
>



Nov 18 '05 #5

P: n/a
Hi Scott:

The web.config authorization settings only protect resources mapped to
ASP.NET. There are two approaches. One is to map PDF files to the
ASPNET runtime by going to the virtual directory properties, click the
application configuration button, and add a mapping for .pdf just like
you see for .aspx. Another approach would be to place the PDF files
outside of the web directories and have the user hit an ASPX page
which will read the contents of the PDF and stream it out.

Let me know if you need more info,

--
Scott
http://www.OdeToCode.com

On Wed, 5 May 2004 13:01:13 -0400, "Wm. Scott Miller"
<Sc**********@spam.killer.wvinsurance.gov> wrote:
We have a intranet site that allows one of our departments to search a set
of pdfs and then look at them. Only problem is that only they and us geeks
should be allowed to see the pdfs. We have it locked down except for when a
person directly types in the url to a pdf. Currently, the PDFs are in a
virtual directory off the root of the server. Putting it under the search
site also doesn't work. My understanding is that IIS looks as the virtual
directory as a separate site and will not carry web.config settings down to
it. Putting a web.config in the virtual directory directly doesn't work
either. How do I secure this virtual directory so only certain users can
get to the pdfs?

Scott


Nov 18 '05 #6

P: n/a
Honestly, that is out of my area of expertise (programming). If it were an
ASP.NET issue, I'd be all over it. I'd be googling this one and talking
with my server admins.

Jeffrey Palermo

"Wm. Scott Miller" <Sc**********@spam.killer.wvinsurance.gov> wrote in
message news:eJ***************@tk2msftngp13.phx.gbl...
The actual folder is a network share on another server (IIS box has very
limited HD space). This appears to cause issues because when setting up the virtual directory, IIS demands a username/password to access the share. How can we make IIS use the credentials of the user to access the files instead of a supplied username/password?

Scott

"Jeffrey Palermo" <je************@yahoo.com> wrote in message
news:u6**************@TK2MSFTNGP09.phx.gbl...
In this case, I'm assuming you are using AD, and these people's windows
accounts have access to these files. Use NTFS security on the folder and
take out "Everyone" if it's there. Fix the NTFS permissions on the folder with the restricted files so that only appropriate users have access. This
may be a job for your server administrator depending on how your
organization is set up.

Jeffrey Palermo

"Wm. Scott Miller" <Sc**********@spam.killer.wvinsurance.gov> wrote in
message news:OC**************@TK2MSFTNGP11.phx.gbl...
IIS is set to Windows Authentication with all other methods disabled.

Scott

"Jeffrey Palermo" <je************@yahoo.com> wrote in message
news:OP*************@TK2MSFTNGP09.phx.gbl...
> This is not an ASP.NET issue, but an IIS one.
>
> Use IIS security to authenticate users for this virtual directory. That > means you have to disable anonymous access.
>
> Jeffrey Palermo
>
> "Wm. Scott Miller" <Sc**********@spam.killer.wvinsurance.gov> wrote in > message news:O8****************@TK2MSFTNGP10.phx.gbl...
> > We have a intranet site that allows one of our departments to search a
set
> > of pdfs and then look at them. Only problem is that only they and us > geeks
> > should be allowed to see the pdfs. We have it locked down except for when
> a
> > person directly types in the url to a pdf. Currently, the PDFs
are
in
a
> > virtual directory off the root of the server. Putting it under

the search
> > site also doesn't work. My understanding is that IIS looks as the
virtual
> > directory as a separate site and will not carry web.config

settings down
> to
> > it. Putting a web.config in the virtual directory directly
doesn't work
> > either. How do I secure this virtual directory so only certain

users can
> > get to the pdfs?
> >
> > Scott
> >
> >
> >
>
>



Nov 18 '05 #7

P: n/a
Scott:

OK, looks like that might work. Only issue is that by adding the PDF files
identical to the aspx definition results in not being able to access them at
all. Do you have any examples of either method that I can look at?

Thanks,
Scott

"Scott Allen" <bitmask@[nospam].fred.net> wrote in message
news:gc********************************@4ax.com...
Hi Scott:

The web.config authorization settings only protect resources mapped to
ASP.NET. There are two approaches. One is to map PDF files to the
ASPNET runtime by going to the virtual directory properties, click the
application configuration button, and add a mapping for .pdf just like
you see for .aspx. Another approach would be to place the PDF files
outside of the web directories and have the user hit an ASPX page
which will read the contents of the PDF and stream it out.

Let me know if you need more info,

--
Scott
http://www.OdeToCode.com

On Wed, 5 May 2004 13:01:13 -0400, "Wm. Scott Miller"
<Sc**********@spam.killer.wvinsurance.gov> wrote:
We have a intranet site that allows one of our departments to search a setof pdfs and then look at them. Only problem is that only they and us geeksshould be allowed to see the pdfs. We have it locked down except for when aperson directly types in the url to a pdf. Currently, the PDFs are in a
virtual directory off the root of the server. Putting it under the searchsite also doesn't work. My understanding is that IIS looks as the virtualdirectory as a separate site and will not carry web.config settings down toit. Putting a web.config in the virtual directory directly doesn't work
either. How do I secure this virtual directory so only certain users can
get to the pdfs?

Scott

Nov 18 '05 #8

P: n/a
I'm actually doing something very very similar to what you are doing, a document management system. I didn't go for the virtual directory option though, I believe that may cause you some grief down the road.

What I did do is set up delegation on my webserver, and access the pdf documents off a network share using the current context of the user who is currently using the system. My asp.net pages just show the documents in the directory.

Here is an article on delegation if you are interested.
http://support.microsoft.com/default...b;en-us;810572

--Michael

"Wm. Scott Miller" <Sc**********@spam.killer.wvinsurance.gov> wrote in message news:eJ***************@tk2msftngp13.phx.gbl...
The actual folder is a network share on another server (IIS box has very
limited HD space). This appears to cause issues because when setting up the
virtual directory, IIS demands a username/password to access the share. How
can we make IIS use the credentials of the user to access the files instead
of a supplied username/password?

Scott

"Jeffrey Palermo" <je************@yahoo.com> wrote in message
news:u6**************@TK2MSFTNGP09.phx.gbl...
In this case, I'm assuming you are using AD, and these people's windows
accounts have access to these files. Use NTFS security on the folder and
take out "Everyone" if it's there. Fix the NTFS permissions on the folder
with the restricted files so that only appropriate users have access.

This
may be a job for your server administrator depending on how your
organization is set up.

Jeffrey Palermo

"Wm. Scott Miller" <Sc**********@spam.killer.wvinsurance.gov> wrote in
message news:OC**************@TK2MSFTNGP11.phx.gbl...
IIS is set to Windows Authentication with all other methods disabled.

Scott

"Jeffrey Palermo" <je************@yahoo.com> wrote in message
news:OP*************@TK2MSFTNGP09.phx.gbl...
> This is not an ASP.NET issue, but an IIS one.
>
> Use IIS security to authenticate users for this virtual directory. That > means you have to disable anonymous access.
>
> Jeffrey Palermo
>
> "Wm. Scott Miller" <Sc**********@spam.killer.wvinsurance.gov> wrote in
> message news:O8****************@TK2MSFTNGP10.phx.gbl...
> > We have a intranet site that allows one of our departments to search a set
> > of pdfs and then look at them. Only problem is that only they and us > geeks
> > should be allowed to see the pdfs. We have it locked down except for when
> a
> > person directly types in the url to a pdf. Currently, the PDFs are in
a
> > virtual directory off the root of the server. Putting it under the
search
> > site also doesn't work. My understanding is that IIS looks as the
virtual
> > directory as a separate site and will not carry web.config settings

down
> to
> > it. Putting a web.config in the virtual directory directly doesn't

work
> > either. How do I secure this virtual directory so only certain

users can
> > get to the pdfs?
> >
> > Scott
> >
> >
> >
>
>



Nov 18 '05 #9

P: n/a
On Wed, 5 May 2004 15:22:05 -0400, "Wm. Scott Miller"
<Sc**********@spam.killer.wvinsurance.gov> wrote:
Scott:

OK, looks like that might work. Only issue is that by adding the PDF files
identical to the aspx definition results in not being able to access them at
all. Do you have any examples of either method that I can look at?

Thanks,
Scott


Hmm. I just tried this specifically with .PDF (I had tried it with
other file types previously) and it appears to be working on my
machine. I know this doesn't help you at all, but let me think of some
options.

In testing it appears IE was aggresively caching PDF content and not
prompting for a login when i launched a new instance and browsed to
the pdf url for a second time, so you might try cleaning out temp
files just to make sure it isn't causing some wierdness.

Are you getting a 403, or a blank browser page? I can send some screen
shots and other information to your email if that would help.

--s
--
Scott
http://www.OdeToCode.com
Nov 18 '05 #10

P: n/a
If I type in the url in pieces, it comes up with the invalid credentials
screens, but as soon as I get to the complete url to the PDF, it shows it.
Even if I actually have not viewed that PDF before. Maybe I'm not
configured right. Could you send some screen shots?

Looks like we have similar techs for preventing spam, you should be able to
figure it out.

Thanks,
Scott

"Scott Allen" <bitmask@[nospam].fred.net> wrote in message
news:19********************************@4ax.com...
On Wed, 5 May 2004 15:22:05 -0400, "Wm. Scott Miller"
<Sc**********@spam.killer.wvinsurance.gov> wrote:
Scott:

OK, looks like that might work. Only issue is that by adding the PDF filesidentical to the aspx definition results in not being able to access them atall. Do you have any examples of either method that I can look at?

Thanks,
Scott


Hmm. I just tried this specifically with .PDF (I had tried it with
other file types previously) and it appears to be working on my
machine. I know this doesn't help you at all, but let me think of some
options.

In testing it appears IE was aggresively caching PDF content and not
prompting for a login when i launched a new instance and browsed to
the pdf url for a second time, so you might try cleaning out temp
files just to make sure it isn't causing some wierdness.

Are you getting a 403, or a blank browser page? I can send some screen
shots and other information to your email if that would help.

--s
--
Scott
http://www.OdeToCode.com

Nov 18 '05 #11

This discussion thread is closed

Replies have been disabled for this discussion.