By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,491 Members | 1,209 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,491 IT Pros & Developers. It's quick & easy.

Resource protected by Form based aythetication

P: n/a
I can not figure out what is the problem that I can protect ASP.NEt form
resource but not some other type of files, for example, images.
All my aspx forms located in Demo folder and image files located in a
subfolder of Demo, named images. I implement Role based form authentication.
When I access all aps forms, it works fine and ask me user/password. However,
I can use IE browser to directly access any image file in subfolder images.

My configuration:
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="login.aspx" path="/"
protection="All"> </forms>

</authentication>
<authorization>
<deny users="?" /> <!--deny anonymous users-->
<allow users="*" /> <!-- Allow all users -->
</authorization>
<location path="images">
<system.web>
<authorization>

<deny users="?" />
</authorization>
</system.web>
</location>
Nov 19 '05 #1
Share this Question
Share on Google+
13 Replies


P: n/a
If the images are .JPG or some other file extension IIS handles directly,
then configuration in web.config won't apply, since the request never makes
it there. You can either control security on the files so that anyonymous
users can't access the files but thie requires IIS to do the authentication,
which from your other thread, I don't think you want. In that case you should
map the .JPG request to the aspnet_isapi.dll and let the built in StaticFileHandler
serve up the JPGs and then the web.config settings will take effect.

-Brock
DevelopMentor
http://staff.develop.com/ballen
I can not figure out what is the problem that I can protect ASP.NEt
form
resource but not some other type of files, for example, images.
All my aspx forms located in Demo folder and image files located in a
subfolder of Demo, named images. I implement Role based form
authentication.
When I access all aps forms, it works fine and ask me user/password.
However,
I can use IE browser to directly access any image file in subfolder
images.
My configuration:
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="login.aspx" path="/"
protection="All"> </forms>
</authentication>
<authorization>
<deny users="?" /> <!--deny anonymous users-->
<allow users="*" /> <!-- Allow all users -->
</authorization>
<location path="images">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>


Nov 19 '05 #2

P: n/a
Brock's suggestion of using IIS to manage the permissions is a good one.
Another approach is to manually manage the permissions of your files by
keeping them in a database or a private folder. Then you can use
Response.Write after you've determined the user has the necessary
permissions.

Here's more info:
http://steveorr.net/articles/EasyUploads.aspx
http://msdn.microsoft.com/library/de...efiletopic.asp

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net

"david" <da***@discussions.microsoft.com> wrote in message
news:D4**********************************@microsof t.com...
I can not figure out what is the problem that I can protect ASP.NEt form
resource but not some other type of files, for example, images.
All my aspx forms located in Demo folder and image files located in a
subfolder of Demo, named images. I implement Role based form
authentication.
When I access all aps forms, it works fine and ask me user/password.
However,
I can use IE browser to directly access any image file in subfolder
images.

My configuration:
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="login.aspx" path="/"
protection="All"> </forms>

</authentication>
<authorization>
<deny users="?" /> <!--deny anonymous users-->
<allow users="*" /> <!-- Allow all users -->
</authorization>
<location path="images">
<system.web>
<authorization>

<deny users="?" />
</authorization>
</system.web>
</location>

Nov 19 '05 #3

P: n/a
Thank your comments from both of you.
Because I use the Form based authentication, so IIS should be set as
anonymous. Therefore, the image files are not protected by directly access
from any user. Am I right? Now the question is that if I still use the form
based authentication, how can I set the security property of the images
folder (right now it is not shared by web and others)?
If I put other type image files (my own version), does it protect them?

David

"Steve C. Orr [MVP, MCSD]" wrote:
Brock's suggestion of using IIS to manage the permissions is a good one.
Another approach is to manually manage the permissions of your files by
keeping them in a database or a private folder. Then you can use
Response.Write after you've determined the user has the necessary
permissions.

Here's more info:
http://steveorr.net/articles/EasyUploads.aspx
http://msdn.microsoft.com/library/de...efiletopic.asp

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net

"david" <da***@discussions.microsoft.com> wrote in message
news:D4**********************************@microsof t.com...
I can not figure out what is the problem that I can protect ASP.NEt form
resource but not some other type of files, for example, images.
All my aspx forms located in Demo folder and image files located in a
subfolder of Demo, named images. I implement Role based form
authentication.
When I access all aps forms, it works fine and ask me user/password.
However,
I can use IE browser to directly access any image file in subfolder
images.

My configuration:
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="login.aspx" path="/"
protection="All"> </forms>

</authentication>
<authorization>
<deny users="?" /> <!--deny anonymous users-->
<allow users="*" /> <!-- Allow all users -->
</authorization>
<location path="images">
<system.web>
<authorization>

<deny users="?" />
</authorization>
</system.web>
</location>


Nov 19 '05 #4

P: n/a
Could you give me a hint who to do the job "you should
map the .JPG request to the aspnet_isapi.dll and let the built in
StaticFileHandler
serve up the JPGs and then the web.config settings will take effect."

Thank you
"Brock Allen" wrote:
If the images are .JPG or some other file extension IIS handles directly,
then configuration in web.config won't apply, since the request never makes
it there. You can either control security on the files so that anyonymous
users can't access the files but thie requires IIS to do the authentication,
which from your other thread, I don't think you want. In that case you should
map the .JPG request to the aspnet_isapi.dll and let the built in StaticFileHandler
serve up the JPGs and then the web.config settings will take effect.

-Brock
DevelopMentor
http://staff.develop.com/ballen
I can not figure out what is the problem that I can protect ASP.NEt
form
resource but not some other type of files, for example, images.
All my aspx forms located in Demo folder and image files located in a
subfolder of Demo, named images. I implement Role based form
authentication.
When I access all aps forms, it works fine and ask me user/password.
However,
I can use IE browser to directly access any image file in subfolder
images.
My configuration:
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="login.aspx" path="/"
protection="All"> </forms>
</authentication>
<authorization>
<deny users="?" /> <!--deny anonymous users-->
<allow users="*" /> <!-- Allow all users -->
</authorization>
<location path="images">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>


Nov 19 '05 #5

P: n/a
Yeah, you need to go into IIS for your application. Right-click properties,
select the Directory Tab and hit the configuration button. On the Mappings
tab, add a new mapping. The executable is "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspn et_isapi.dll"
(assuming you're on v1.1). The extension is *.JPG. This maps the request
to ASP.NET which will then honor your security settings.

-Brock
DevelopMentor
http://staff.develop.com/ballen
Could you give me a hint who to do the job "you should map the .JPG
request to the aspnet_isapi.dll and let the built in StaticFileHandler
serve up the JPGs and then the web.config settings will take effect."

Thank you

"Brock Allen" wrote:
If the images are .JPG or some other file extension IIS handles
directly, then configuration in web.config won't apply, since the
request never makes it there. You can either control security on the
files so that anyonymous users can't access the files but thie
requires IIS to do the authentication, which from your other thread,
I don't think you want. In that case you should map the .JPG request
to the aspnet_isapi.dll and let the built in StaticFileHandler serve
up the JPGs and then the web.config settings will take effect.

-Brock
DevelopMentor
http://staff.develop.com/ballen
I can not figure out what is the problem that I can protect ASP.NEt
form
resource but not some other type of files, for example, images.
All my aspx forms located in Demo folder and image files located in
a
subfolder of Demo, named images. I implement Role based form
authentication.
When I access all aps forms, it works fine and ask me user/password.
However,
I can use IE browser to directly access any image file in subfolder
images.
My configuration:
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="login.aspx" path="/"
protection="All"> </forms>
</authentication>
<authorization>
<deny users="?" /> <!--deny anonymous users-->
<allow users="*" /> <!-- Allow all users -->
</authorization>
<location path="images">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>


Nov 19 '05 #6

P: n/a
Hi, Brock:
I have done it following your direction. At the beginning, it seems work but
something else wrong. Now it doesn't work. Is there something missing in my
configuration? Do I need add a web.config into images directory? If so, what
shloud it look like?

"Brock Allen" wrote:
Yeah, you need to go into IIS for your application. Right-click properties,
select the Directory Tab and hit the configuration button. On the Mappings
tab, add a new mapping. The executable is "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspn et_isapi.dll"
(assuming you're on v1.1). The extension is *.JPG. This maps the request
to ASP.NET which will then honor your security settings.

-Brock
DevelopMentor
http://staff.develop.com/ballen
Could you give me a hint who to do the job "you should map the .JPG
request to the aspnet_isapi.dll and let the built in StaticFileHandler
serve up the JPGs and then the web.config settings will take effect."

Thank you

"Brock Allen" wrote:
If the images are .JPG or some other file extension IIS handles
directly, then configuration in web.config won't apply, since the
request never makes it there. You can either control security on the
files so that anyonymous users can't access the files but thie
requires IIS to do the authentication, which from your other thread,
I don't think you want. In that case you should map the .JPG request
to the aspnet_isapi.dll and let the built in StaticFileHandler serve
up the JPGs and then the web.config settings will take effect.

-Brock
DevelopMentor
http://staff.develop.com/ballen
I can not figure out what is the problem that I can protect ASP.NEt
form
resource but not some other type of files, for example, images.
All my aspx forms located in Demo folder and image files located in
a
subfolder of Demo, named images. I implement Role based form
authentication.
When I access all aps forms, it works fine and ask me user/password.
However,
I can use IE browser to directly access any image file in subfolder
images.
My configuration:
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="login.aspx" path="/"
protection="All"> </forms>
</authentication>
<authorization>
<deny users="?" /> <!--deny anonymous users-->
<allow users="*" /> <!-- Allow all users -->
</authorization>
<location path="images">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>


Nov 19 '05 #7

P: n/a
So when you say something else is wrong, what exactly isn't working? You
your pages still work? Do you get an error from ASP.NET?

-Brock
DevelopMentor
http://staff.develop.com/ballen
Hi, Brock:
I have done it following your direction. At the beginning, it seems
work but
something else wrong. Now it doesn't work. Is there something missing
in my
configuration? Do I need add a web.config into images directory? If
so, what
shloud it look like?
"Brock Allen" wrote:
Yeah, you need to go into IIS for your application. Right-click
properties, select the Directory Tab and hit the configuration
button. On the Mappings tab, add a new mapping. The executable is
"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspn et_isapi.dll"
(assuming you're on v1.1). The extension is *.JPG. This maps the
request to ASP.NET which will then honor your security settings.

-Brock
DevelopMentor
http://staff.develop.com/ballen
Could you give me a hint who to do the job "you should map the .JPG
request to the aspnet_isapi.dll and let the built in
StaticFileHandler serve up the JPGs and then the web.config settings
will take effect."

Thank you

"Brock Allen" wrote:

If the images are .JPG or some other file extension IIS handles
directly, then configuration in web.config won't apply, since the
request never makes it there. You can either control security on
the files so that anyonymous users can't access the files but thie
requires IIS to do the authentication, which from your other
thread, I don't think you want. In that case you should map the
.JPG request to the aspnet_isapi.dll and let the built in
StaticFileHandler serve up the JPGs and then the web.config
settings will take effect.

-Brock
DevelopMentor
http://staff.develop.com/ballen
> I can not figure out what is the problem that I can protect
> ASP.NEt
> form
> resource but not some other type of files, for example, images.
> All my aspx forms located in Demo folder and image files located
> in
> a
> subfolder of Demo, named images. I implement Role based form
> authentication.
> When I access all aps forms, it works fine and ask me
> user/password.
> However,
> I can use IE browser to directly access any image file in
> subfolder
> images.
> My configuration:
> <authentication mode="Forms">
> <forms name="AuthCookie" loginUrl="login.aspx" path="/"
> protection="All"> </forms>
> </authentication>
> <authorization>
> <deny users="?" /> <!--deny anonymous users-->
> <allow users="*" /> <!-- Allow all users -->
> </authorization>
> <location path="images">
> <system.web>
> <authorization>
> <deny users="?" />
> </authorization>
> </system.web>
> </location>


Nov 19 '05 #8

P: n/a
Hi, Steve:
Thank you very much.
You mean that I can use Response.WriteFile instead of Response.write. Am I
right?

David

"Steve C. Orr [MVP, MCSD]" wrote:
Brock's suggestion of using IIS to manage the permissions is a good one.
Another approach is to manually manage the permissions of your files by
keeping them in a database or a private folder. Then you can use
Response.Write after you've determined the user has the necessary
permissions.

Here's more info:
http://steveorr.net/articles/EasyUploads.aspx
http://msdn.microsoft.com/library/de...efiletopic.asp

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net

"david" <da***@discussions.microsoft.com> wrote in message
news:D4**********************************@microsof t.com...
I can not figure out what is the problem that I can protect ASP.NEt form
resource but not some other type of files, for example, images.
All my aspx forms located in Demo folder and image files located in a
subfolder of Demo, named images. I implement Role based form
authentication.
When I access all aps forms, it works fine and ask me user/password.
However,
I can use IE browser to directly access any image file in subfolder
images.

My configuration:
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="login.aspx" path="/"
protection="All"> </forms>

</authentication>
<authorization>
<deny users="?" /> <!--deny anonymous users-->
<allow users="*" /> <!-- Allow all users -->
</authorization>
<location path="images">
<system.web>
<authorization>

<deny users="?" />
</authorization>
</system.web>
</location>


Nov 19 '05 #9

P: n/a
Correct.

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net
"david" <da***@discussions.microsoft.com> wrote in message
news:F0**********************************@microsof t.com...
Hi, Steve:
Thank you very much.
You mean that I can use Response.WriteFile instead of Response.write. Am I
right?

David

"Steve C. Orr [MVP, MCSD]" wrote:
Brock's suggestion of using IIS to manage the permissions is a good one.
Another approach is to manually manage the permissions of your files by
keeping them in a database or a private folder. Then you can use
Response.Write after you've determined the user has the necessary
permissions.

Here's more info:
http://steveorr.net/articles/EasyUploads.aspx
http://msdn.microsoft.com/library/de...efiletopic.asp

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net

"david" <da***@discussions.microsoft.com> wrote in message
news:D4**********************************@microsof t.com...
>I can not figure out what is the problem that I can protect ASP.NEt form
> resource but not some other type of files, for example, images.
> All my aspx forms located in Demo folder and image files located in a
> subfolder of Demo, named images. I implement Role based form
> authentication.
> When I access all aps forms, it works fine and ask me user/password.
> However,
> I can use IE browser to directly access any image file in subfolder
> images.
>
> My configuration:
> <authentication mode="Forms">
> <forms name="AuthCookie" loginUrl="login.aspx" path="/"
> protection="All"> </forms>
>
> </authentication>
> <authorization>
> <deny users="?" /> <!--deny anonymous users-->
> <allow users="*" /> <!-- Allow all users -->
> </authorization>
> <location path="images">
> <system.web>
> <authorization>
>
> <deny users="?" />
> </authorization>
> </system.web>
> </location>


Nov 19 '05 #10

P: n/a
You can adjust the ACL of the files through IIS or through the standard
windows security tab of explorer.
(For WinXP you might have to turn off simple file sharing to see this tab.)

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net
"david" <da***@discussions.microsoft.com> wrote in message
news:A6**********************************@microsof t.com...
Thank your comments from both of you.
Because I use the Form based authentication, so IIS should be set as
anonymous. Therefore, the image files are not protected by directly access
from any user. Am I right? Now the question is that if I still use the
form
based authentication, how can I set the security property of the images
folder (right now it is not shared by web and others)?
If I put other type image files (my own version), does it protect them?

David

"Steve C. Orr [MVP, MCSD]" wrote:
Brock's suggestion of using IIS to manage the permissions is a good one.
Another approach is to manually manage the permissions of your files by
keeping them in a database or a private folder. Then you can use
Response.Write after you've determined the user has the necessary
permissions.

Here's more info:
http://steveorr.net/articles/EasyUploads.aspx
http://msdn.microsoft.com/library/de...efiletopic.asp

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net

"david" <da***@discussions.microsoft.com> wrote in message
news:D4**********************************@microsof t.com...
>I can not figure out what is the problem that I can protect ASP.NEt form
> resource but not some other type of files, for example, images.
> All my aspx forms located in Demo folder and image files located in a
> subfolder of Demo, named images. I implement Role based form
> authentication.
> When I access all aps forms, it works fine and ask me user/password.
> However,
> I can use IE browser to directly access any image file in subfolder
> images.
>
> My configuration:
> <authentication mode="Forms">
> <forms name="AuthCookie" loginUrl="login.aspx" path="/"
> protection="All"> </forms>
>
> </authentication>
> <authorization>
> <deny users="?" /> <!--deny anonymous users-->
> <allow users="*" /> <!-- Allow all users -->
> </authorization>
> <location path="images">
> <system.web>
> <authorization>
>
> <deny users="?" />
> </authorization>
> </system.web>
> </location>


Nov 19 '05 #11

P: n/a
At beginning, I have copied the web.config in the parent directory of images.
It shows the arror message about web.config of the comment line. After I
modified it, then I got another error message about the line <authentication
mode="Forms">.
But ther is nothing wrong with. I have deleted the web.config in the
directory images. It does not work anymore, i.e., I can directly access the
image file without asking password. The web.config is in the parent directory
as before and protects the other files. When I configured the mappings in
IIS, I set Verbs limit to GET,HEAD,POST,and DEBUG, or all. In either case,
the result is same. The mappings was configured for the parent directory Demo.

David

"Brock Allen" wrote:
So when you say something else is wrong, what exactly isn't working? You
your pages still work? Do you get an error from ASP.NET?

-Brock
DevelopMentor
http://staff.develop.com/ballen
Hi, Brock:
I have done it following your direction. At the beginning, it seems
work but
something else wrong. Now it doesn't work. Is there something missing
in my
configuration? Do I need add a web.config into images directory? If
so, what
shloud it look like?
"Brock Allen" wrote:
Yeah, you need to go into IIS for your application. Right-click
properties, select the Directory Tab and hit the configuration
button. On the Mappings tab, add a new mapping. The executable is
"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspn et_isapi.dll"
(assuming you're on v1.1). The extension is *.JPG. This maps the
request to ASP.NET which will then honor your security settings.

-Brock
DevelopMentor
http://staff.develop.com/ballen
Could you give me a hint who to do the job "you should map the .JPG
request to the aspnet_isapi.dll and let the built in
StaticFileHandler serve up the JPGs and then the web.config settings
will take effect."

Thank you

"Brock Allen" wrote:

> If the images are .JPG or some other file extension IIS handles
> directly, then configuration in web.config won't apply, since the
> request never makes it there. You can either control security on
> the files so that anyonymous users can't access the files but thie
> requires IIS to do the authentication, which from your other
> thread, I don't think you want. In that case you should map the
> .JPG request to the aspnet_isapi.dll and let the built in
> StaticFileHandler serve up the JPGs and then the web.config
> settings will take effect.
>
> -Brock
> DevelopMentor
> http://staff.develop.com/ballen
>> I can not figure out what is the problem that I can protect
>> ASP.NEt
>> form
>> resource but not some other type of files, for example, images.
>> All my aspx forms located in Demo folder and image files located
>> in
>> a
>> subfolder of Demo, named images. I implement Role based form
>> authentication.
>> When I access all aps forms, it works fine and ask me
>> user/password.
>> However,
>> I can use IE browser to directly access any image file in
>> subfolder
>> images.
>> My configuration:
>> <authentication mode="Forms">
>> <forms name="AuthCookie" loginUrl="login.aspx" path="/"
>> protection="All"> </forms>
>> </authentication>
>> <authorization>
>> <deny users="?" /> <!--deny anonymous users-->
>> <allow users="*" /> <!-- Allow all users -->
>> </authorization>
>> <location path="images">
>> <system.web>
>> <authorization>
>> <deny users="?" />
>> </authorization>
>> </system.web>
>> </location>


Nov 19 '05 #12

P: n/a
Hi, Brock:
Today I try to access the image.jpg in images directory, I got the error
message in the following:

--------
Server Error in '/Demo' Application.
--------------------------------------------------------------------------------

Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.

Parser Error Message: It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This error
can be caused by a virtual directory not being configured as an application
in IIS.

Source Error:
Line 41: -->
Line 42: <!-- ref. data access reference in SMDN April 7, 2005-->
Line 43: <authentication mode="Forms">
Line 44: <forms name="AuthCookie" loginUrl="login.aspx" path="/Demo" >
<!-- I delete timeout="30", otherwise, I can access without asking password
-->
Line 45: </forms>
Source File: c:\inetpub\wwwroot\Demo\images\web.config Line: 43

------

Is it the correct information for protecting the .jpg files?

David

"Brock Allen" wrote:
So when you say something else is wrong, what exactly isn't working? You
your pages still work? Do you get an error from ASP.NET?

-Brock
DevelopMentor
http://staff.develop.com/ballen
Hi, Brock:
I have done it following your direction. At the beginning, it seems
work but
something else wrong. Now it doesn't work. Is there something missing
in my
configuration? Do I need add a web.config into images directory? If
so, what
shloud it look like?
"Brock Allen" wrote:
Yeah, you need to go into IIS for your application. Right-click
properties, select the Directory Tab and hit the configuration
button. On the Mappings tab, add a new mapping. The executable is
"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspn et_isapi.dll"
(assuming you're on v1.1). The extension is *.JPG. This maps the
request to ASP.NET which will then honor your security settings.

-Brock
DevelopMentor
http://staff.develop.com/ballen
Could you give me a hint who to do the job "you should map the .JPG
request to the aspnet_isapi.dll and let the built in
StaticFileHandler serve up the JPGs and then the web.config settings
will take effect."

Thank you

"Brock Allen" wrote:

> If the images are .JPG or some other file extension IIS handles
> directly, then configuration in web.config won't apply, since the
> request never makes it there. You can either control security on
> the files so that anyonymous users can't access the files but thie
> requires IIS to do the authentication, which from your other
> thread, I don't think you want. In that case you should map the
> .JPG request to the aspnet_isapi.dll and let the built in
> StaticFileHandler serve up the JPGs and then the web.config
> settings will take effect.
>
> -Brock
> DevelopMentor
> http://staff.develop.com/ballen
>> I can not figure out what is the problem that I can protect
>> ASP.NEt
>> form
>> resource but not some other type of files, for example, images.
>> All my aspx forms located in Demo folder and image files located
>> in
>> a
>> subfolder of Demo, named images. I implement Role based form
>> authentication.
>> When I access all aps forms, it works fine and ask me
>> user/password.
>> However,
>> I can use IE browser to directly access any image file in
>> subfolder
>> images.
>> My configuration:
>> <authentication mode="Forms">
>> <forms name="AuthCookie" loginUrl="login.aspx" path="/"
>> protection="All"> </forms>
>> </authentication>
>> <authorization>
>> <deny users="?" /> <!--deny anonymous users-->
>> <allow users="*" /> <!-- Allow all users -->
>> </authorization>
>> <location path="images">
>> <system.web>
>> <authorization>
>> <deny users="?" />
>> </authorization>
>> </system.web>
>> </location>


Nov 19 '05 #13

P: n/a
> It shows the arror message about web.config of the comment line. After
I
modified it, then I got another error message about the line
<authentication
mode="Forms">.


<authentication> can only go in the root web.config of your application.
You can put a child web.config with an <authorization> element though. That
will protect the images directory.

-Brock
DevelopMentor
http://staff.develop.com/ballen

Nov 19 '05 #14

This discussion thread is closed

Replies have been disabled for this discussion.