By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,984 Members | 1,421 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,984 IT Pros & Developers. It's quick & easy.

URL Authorization in ASP.NET 2.0 not working for html and image files

P: n/a
pop
Microsoft says that

------------
ASP.NET version 2.0 on Windows Server 2003 protects all files in a
given directory, even those not mapped to ASP.NET, such
as .html, .gif, and .jpg files.
-------------

I have a ASP.NET 2.0 webapp on a 2003 server with the following
Web.Config file

<?xml version="1.0"?>
<configuration>
<appSettings>
</appSettings>
<connectionStrings/>
<system.web>
<compilation debug="true"/>
<authentication mode="Forms"/>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>

Lets say that the app is on the following URL: www.myapp.com.
When I access www.myapp.com/default.aspx I will correctly be
redirected to the Login.aspx page.
But if I try www.myapp.com/pictures/mypicture.jpg the picture is
loaded without requiring login.
Same happens for html pages.

I have checked that the app is running under NET 2.0 in IIS.
I have tried to install on 3 different 2003 servers but with no
difference.

What am I doing wrong?

Hope you can help

Thanks

Jun 6 '07 #1
Share this Question
Share on Google+
2 Replies


P: n/a

<po*@flink.dkwrote in message
news:11**********************@z28g2000prd.googlegr oups.com...
Microsoft says that

------------
ASP.NET version 2.0 on Windows Server 2003 protects all files in a
given directory, even those not mapped to ASP.NET, such
as .html, .gif, and .jpg files.
-------------

I have a ASP.NET 2.0 webapp on a 2003 server with the following
Web.Config file

<?xml version="1.0"?>
<configuration>
<appSettings>
</appSettings>
<connectionStrings/>
<system.web>
<compilation debug="true"/>
<authentication mode="Forms"/>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>

Lets say that the app is on the following URL: www.myapp.com.
When I access www.myapp.com/default.aspx I will correctly be
redirected to the Login.aspx page.
But if I try www.myapp.com/pictures/mypicture.jpg the picture is
loaded without requiring login.
Same happens for html pages.

I have checked that the app is running under NET 2.0 in IIS.
I have tried to install on 3 different 2003 servers but with no
difference.

What am I doing wrong?

Hope you can help

Thanks
it's true for Windows Authentication.

What type of Authentication do you use?
Jun 7 '07 #2

P: n/a
On 7 Jun., 21:38, "Alexey Smirnov" <alexey.smir...@gmail.comwrote:
<p...@flink.dkwrote in message

news:11**********************@z28g2000prd.googlegr oups.com...


Microsoft says that
------------
ASP.NET version 2.0 on Windows Server 2003 protects all files in a
given directory, even those not mapped to ASP.NET, such
as .html, .gif, and .jpg files.
-------------
I have a ASP.NET 2.0 webapp on a 2003 server with the following
Web.Config file
<?xml version="1.0"?>
<configuration>
<appSettings>
</appSettings>
<connectionStrings/>
<system.web>
<compilation debug="true"/>
<authentication mode="Forms"/>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
Lets say that the app is on the following URL:www.myapp.com.
When I accesswww.myapp.com/default.aspxI will correctly be
redirected to the Login.aspx page.
But if I trywww.myapp.com/pictures/mypicture.jpgthe picture is
loaded without requiring login.
Same happens for html pages.
I have checked that the app is running under NET 2.0 in IIS.
I have tried to install on 3 different 2003 servers but with no
difference.
What am I doing wrong?
Hope you can help
Thanks

it's true for Windows Authentication.

What type of Authentication do you use?- Skjul tekst i anførselstegn -

- Vis tekst i anførselstegn -
I use Forms Authentication.
But I read somewhare that it should work for both Windows and Forms
Authentication.
Anyway if it was only working for Windows Authentication there where
nothing new since this could be acompliced in .NET 1.1 by setting
directory security in IIS :-)

Jun 10 '07 #3

This discussion thread is closed

Replies have been disabled for this discussion.