Using Forms Authentication, users can't get to my .aspx pages but they can
get directly to, for example, Setup.exe.
What setting can I use to protect ALL files within my app from hackers until
they login?
My web.config currently looks like this:
<authentication mode="Forms">
<forms loginUrl="frmLogin.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
Thanks!
Ron Cook 5 2033
Hi Ron, some options.
Use NT authentication instead.
Or tell your web server not to serve EXE files.
Put items you don't want served in another folder. This can be a
subfolder in your app, just ensure that your web account doesn't have
access to that folder.
Also (someone remind me) can you configure individual page loading
options in the Global.asax? I know you can config for application and
session start and ends, what about pages as well?
On Mon, 30 Jan 2006 16:41:41 -0700, "Ronald S. Cook"
<rc***@westinis.com> wrote: Using Forms Authentication, users can't get to my .aspx pages but they can get directly to, for example, Setup.exe.
What setting can I use to protect ALL files within my app from hackers until they login?
[snip]
Put all the files you don't want the users to be able to access in a
folder and allow only logged on users to access that folder.
Thanks!
Ron Cook
Otis Mukinfus http://www.otismukinfus.com http://www.tomchilders.com
On Mon, 30 Jan 2006 21:07:08 -0600, Otis Mukinfus
<ph***@emailaddress.com> wrote:
Well I said that kinda backwards didn't I? Restrict the users from
the folder that has the file you don't want them to access :o[ On Mon, 30 Jan 2006 16:41:41 -0700, "Ronald S. Cook" <rc***@westinis.com> wrote:
Using Forms Authentication, users can't get to my .aspx pages but they can get directly to, for example, Setup.exe.
What setting can I use to protect ALL files within my app from hackers until they login? [snip]
Put all the files you don't want the users to be able to access in a folder and allow only logged on users to access that folder.
Thanks!
Ron Cook
Otis Mukinfus http://www.otismukinfus.com http://www.tomchilders.com
Otis Mukinfus http://www.otismukinfus.com http://www.tomchilders.com
Cool, but how?
Thanks!
Ron
"Otis Mukinfus" <ph***@emailaddress.com> wrote in message
news:na********************************@4ax.com... On Mon, 30 Jan 2006 21:07:08 -0600, Otis Mukinfus <ph***@emailaddress.com> wrote:
Well I said that kinda backwards didn't I? Restrict the users from the folder that has the file you don't want them to access :o[
On Mon, 30 Jan 2006 16:41:41 -0700, "Ronald S. Cook" <rc***@westinis.com> wrote:
Using Forms Authentication, users can't get to my .aspx pages but they can get directly to, for example, Setup.exe.
What setting can I use to protect ALL files within my app from hackers until they login? [snip]
Put all the files you don't want the users to be able to access in a folder and allow only logged on users to access that folder.
Thanks!
Ron Cook
Otis Mukinfus http://www.otismukinfus.com http://www.tomchilders.com
Otis Mukinfus http://www.otismukinfus.com http://www.tomchilders.com
Just normal folder security. Remove the IUSR_xxxxx account from having
access to the folder with the files you want to protect. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: travelling_nerd |
last post by:
Folks:
I have some zip files I'd like to serve to authenticated users on my
site, but would like to prevent unauthorized users from using an
absolute path to get to these zip files. For example...
|
by: feng |
last post by:
Right now I have my login.aspx protects all the pages in
my web application. This is done through the following
configuration:
<authentication mode="Forms">
<forms name="MyWeb" path="/"...
|
by: www.MSmobiles.com |
last post by:
Hi!
I am using something like this in web.config :
<authentication mode="Forms">
<forms name=".MSMOBILES_COM___COOKIE"
loginUrl="login.aspx"
protection="All"
timeout="30"
path="/">
|
by: Sam |
last post by:
I have successfully created authentication via web.config however I
discovered some security issues as follows:
1. ASPX Security
I have web application via asp.net and it is consist of following...
|
by: Craig |
last post by:
I have a folder within my web application that holds a bunch of word
documents. I have security setup to use forms authentication. If I try and
access a .aspx page that is not listed in my...
| |
by: sunniyeow |
last post by:
Hi, My question is regarding password protecting 2 different folders
inside a single virtual directory using forms authentication method.
Easier if I illustrate things out...
- <authentication...
|
by: Alan Silver |
last post by:
Hello,
Sorry this is a bit wordy, but it's a pretty simple question...
I have a web site, http://domain/ which is a public site, part of which
(http://domain/a/) is protected by forms...
|
by: Ronald S. Cook |
last post by:
In my ASP.NET 2.0 Web app, I want to make some files inaccessible to
unauthenticated users. Using Forms Authentication, this works fine for
..aspx pages, but not for regular old .htm pages. How...
|
by: djnokturnal |
last post by:
Hey guys/gals,
I have successfully implemented forms authentication on my site:
<authentication mode="Forms">
<forms loginUrl="/Members/Login.aspx" timeout="20"...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |