471,306 Members | 1,334 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,306 software developers and data experts.

How protect non aspx files using Forms Authentication?

Using Forms Authentication, users can't get to my .aspx pages but they can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers until
they login?

My web.config currently looks like this:

<authentication mode="Forms">

<forms loginUrl="frmLogin.aspx" />

</authentication>

<authorization>

<deny users="?" />

</authorization>

Thanks!

Ron Cook
Jan 30 '06 #1
5 1944
Hi Ron, some options.

Use NT authentication instead.

Or tell your web server not to serve EXE files.

Put items you don't want served in another folder. This can be a
subfolder in your app, just ensure that your web account doesn't have
access to that folder.

Also (someone remind me) can you configure individual page loading
options in the Global.asax? I know you can config for application and
session start and ends, what about pages as well?

Jan 31 '06 #2
On Mon, 30 Jan 2006 16:41:41 -0700, "Ronald S. Cook"
<rc***@westinis.com> wrote:
Using Forms Authentication, users can't get to my .aspx pages but they can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers until
they login? [snip]

Put all the files you don't want the users to be able to access in a
folder and allow only logged on users to access that folder.
Thanks!

Ron Cook


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
Jan 31 '06 #3
On Mon, 30 Jan 2006 21:07:08 -0600, Otis Mukinfus
<ph***@emailaddress.com> wrote:

Well I said that kinda backwards didn't I? Restrict the users from
the folder that has the file you don't want them to access :o[
On Mon, 30 Jan 2006 16:41:41 -0700, "Ronald S. Cook"
<rc***@westinis.com> wrote:
Using Forms Authentication, users can't get to my .aspx pages but they can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers until
they login?

[snip]

Put all the files you don't want the users to be able to access in a
folder and allow only logged on users to access that folder.
Thanks!

Ron Cook


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
Jan 31 '06 #4
Cool, but how?

Thanks!
Ron

"Otis Mukinfus" <ph***@emailaddress.com> wrote in message
news:na********************************@4ax.com...
On Mon, 30 Jan 2006 21:07:08 -0600, Otis Mukinfus
<ph***@emailaddress.com> wrote:

Well I said that kinda backwards didn't I? Restrict the users from
the folder that has the file you don't want them to access :o[
On Mon, 30 Jan 2006 16:41:41 -0700, "Ronald S. Cook"
<rc***@westinis.com> wrote:
Using Forms Authentication, users can't get to my .aspx pages but they
can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers
until
they login?

[snip]

Put all the files you don't want the users to be able to access in a
folder and allow only logged on users to access that folder.
Thanks!

Ron Cook


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com

Jan 31 '06 #5
Just normal folder security. Remove the IUSR_xxxxx account from having
access to the folder with the files you want to protect.

Jan 31 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by feng | last post: by
1 post views Thread by Sam | last post: by
2 posts views Thread by Craig | last post: by
4 posts views Thread by sunniyeow | last post: by
1 post views Thread by Ronald S. Cook | last post: by
reply views Thread by rosydwin | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.