473,503 Members | 2,197 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

How protect non aspx files using Forms Authentication?

Using Forms Authentication, users can't get to my .aspx pages but they can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers until
they login?

My web.config currently looks like this:

<authentication mode="Forms">

<forms loginUrl="frmLogin.aspx" />

</authentication>

<authorization>

<deny users="?" />

</authorization>

Thanks!

Ron Cook
Jan 30 '06 #1
5 2033
Hi Ron, some options.

Use NT authentication instead.

Or tell your web server not to serve EXE files.

Put items you don't want served in another folder. This can be a
subfolder in your app, just ensure that your web account doesn't have
access to that folder.

Also (someone remind me) can you configure individual page loading
options in the Global.asax? I know you can config for application and
session start and ends, what about pages as well?

Jan 31 '06 #2
On Mon, 30 Jan 2006 16:41:41 -0700, "Ronald S. Cook"
<rc***@westinis.com> wrote:
Using Forms Authentication, users can't get to my .aspx pages but they can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers until
they login? [snip]

Put all the files you don't want the users to be able to access in a
folder and allow only logged on users to access that folder.
Thanks!

Ron Cook


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
Jan 31 '06 #3
On Mon, 30 Jan 2006 21:07:08 -0600, Otis Mukinfus
<ph***@emailaddress.com> wrote:

Well I said that kinda backwards didn't I? Restrict the users from
the folder that has the file you don't want them to access :o[
On Mon, 30 Jan 2006 16:41:41 -0700, "Ronald S. Cook"
<rc***@westinis.com> wrote:
Using Forms Authentication, users can't get to my .aspx pages but they can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers until
they login?

[snip]

Put all the files you don't want the users to be able to access in a
folder and allow only logged on users to access that folder.
Thanks!

Ron Cook


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
Jan 31 '06 #4
Cool, but how?

Thanks!
Ron

"Otis Mukinfus" <ph***@emailaddress.com> wrote in message
news:na********************************@4ax.com...
On Mon, 30 Jan 2006 21:07:08 -0600, Otis Mukinfus
<ph***@emailaddress.com> wrote:

Well I said that kinda backwards didn't I? Restrict the users from
the folder that has the file you don't want them to access :o[
On Mon, 30 Jan 2006 16:41:41 -0700, "Ronald S. Cook"
<rc***@westinis.com> wrote:
Using Forms Authentication, users can't get to my .aspx pages but they
can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers
until
they login?

[snip]

Put all the files you don't want the users to be able to access in a
folder and allow only logged on users to access that folder.
Thanks!

Ron Cook


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com

Jan 31 '06 #5
Just normal folder security. Remove the IUSR_xxxxx account from having
access to the folder with the files you want to protect.

Jan 31 '06 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
2
1792
Using NTFS security to protect files served via asp/iis
by: travelling_nerd | last post by:
Folks: I have some zip files I'd like to serve to authenticated users on my site, but would like to prevent unauthorized users from using an absolute path to get to these zip files. For example...
ASP / Active Server Pages
2
2500
Let login page protect all but one page.
by: feng | last post by:
Right now I have my login.aspx protects all the pages in my web application. This is done through the following configuration: <authentication mode="Forms"> <forms name="MyWeb" path="/"...
ASP.NET
1
1764
forms authentication: redirects for *.aspx pages only, not for other extensions, not for static content
by: www.MSmobiles.com | last post by:
Hi! I am using something like this in web.config : <authentication mode="Forms"> <forms name=".MSMOBILES_COM___COOKIE" loginUrl="login.aspx" protection="All" timeout="30" path="/">
ASP.NET
1
1809
aspx security?
by: Sam | last post by:
I have successfully created authentication via web.config however I discovered some security issues as follows: 1. ASPX Security I have web application via asp.net and it is consist of following...
ASP.NET
2
1229
How to secure docs other than .aspx files.
by: Craig | last post by:
I have a folder within my web application that holds a bunch of word documents. I have security setup to use forms authentication. If I try and access a .aspx page that is not listed in my...
ASP.NET
4
2558
Password protect/Forms authentication method
by: sunniyeow | last post by:
Hi, My question is regarding password protecting 2 different folders inside a single virtual directory using forms authentication method. Easier if I illustrate things out... - <authentication...
ASP.NET
7
2439
How do I protect my login page from prying eyes (forms authentication)?
by: Alan Silver | last post by:
Hello, Sorry this is a bit wordy, but it's a pretty simple question... I have a web site, http://domain/ which is a public site, part of which (http://domain/a/) is protected by forms...
ASP.NET
1
1668
Use forms authentication to protect non-aspx files?
by: Ronald S. Cook | last post by:
In my ASP.NET 2.0 Web app, I want to make some files inaccessible to unauthenticated users. Using Forms Authentication, this works fine for ..aspx pages, but not for regular old .htm pages. How...
C# / C Sharp
1
1823
Forms authentication + roles + non-aspx files
by: djnokturnal | last post by:
Hey guys/gals, I have successfully implemented forms authentication on my site: <authentication mode="Forms"> <forms loginUrl="/Members/Login.aspx" timeout="20"...
ASP.NET
0
7205
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
7093
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
7287
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
7349
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
4688
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
3177
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
3168
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
1521
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
1
746
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us