473,396 Members | 2,020 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,396 software developers and data experts.

How protect non aspx files using Forms Authentication?

Using Forms Authentication, users can't get to my .aspx pages but they can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers until
they login?

My web.config currently looks like this:

<authentication mode="Forms">

<forms loginUrl="frmLogin.aspx" />

</authentication>

<authorization>

<deny users="?" />

</authorization>

Thanks!

Ron Cook
Jan 30 '06 #1
5 2027
Hi Ron, some options.

Use NT authentication instead.

Or tell your web server not to serve EXE files.

Put items you don't want served in another folder. This can be a
subfolder in your app, just ensure that your web account doesn't have
access to that folder.

Also (someone remind me) can you configure individual page loading
options in the Global.asax? I know you can config for application and
session start and ends, what about pages as well?

Jan 31 '06 #2
On Mon, 30 Jan 2006 16:41:41 -0700, "Ronald S. Cook"
<rc***@westinis.com> wrote:
Using Forms Authentication, users can't get to my .aspx pages but they can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers until
they login? [snip]

Put all the files you don't want the users to be able to access in a
folder and allow only logged on users to access that folder.
Thanks!

Ron Cook


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
Jan 31 '06 #3
On Mon, 30 Jan 2006 21:07:08 -0600, Otis Mukinfus
<ph***@emailaddress.com> wrote:

Well I said that kinda backwards didn't I? Restrict the users from
the folder that has the file you don't want them to access :o[
On Mon, 30 Jan 2006 16:41:41 -0700, "Ronald S. Cook"
<rc***@westinis.com> wrote:
Using Forms Authentication, users can't get to my .aspx pages but they can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers until
they login?

[snip]

Put all the files you don't want the users to be able to access in a
folder and allow only logged on users to access that folder.
Thanks!

Ron Cook


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
Jan 31 '06 #4
Cool, but how?

Thanks!
Ron

"Otis Mukinfus" <ph***@emailaddress.com> wrote in message
news:na********************************@4ax.com...
On Mon, 30 Jan 2006 21:07:08 -0600, Otis Mukinfus
<ph***@emailaddress.com> wrote:

Well I said that kinda backwards didn't I? Restrict the users from
the folder that has the file you don't want them to access :o[
On Mon, 30 Jan 2006 16:41:41 -0700, "Ronald S. Cook"
<rc***@westinis.com> wrote:
Using Forms Authentication, users can't get to my .aspx pages but they
can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers
until
they login?

[snip]

Put all the files you don't want the users to be able to access in a
folder and allow only logged on users to access that folder.
Thanks!

Ron Cook


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com


Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com

Jan 31 '06 #5
Just normal folder security. Remove the IUSR_xxxxx account from having
access to the folder with the files you want to protect.

Jan 31 '06 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: travelling_nerd | last post by:
Folks: I have some zip files I'd like to serve to authenticated users on my site, but would like to prevent unauthorized users from using an absolute path to get to these zip files. For example...
2
by: feng | last post by:
Right now I have my login.aspx protects all the pages in my web application. This is done through the following configuration: <authentication mode="Forms"> <forms name="MyWeb" path="/"...
1
by: www.MSmobiles.com | last post by:
Hi! I am using something like this in web.config : <authentication mode="Forms"> <forms name=".MSMOBILES_COM___COOKIE" loginUrl="login.aspx" protection="All" timeout="30" path="/">
1
by: Sam | last post by:
I have successfully created authentication via web.config however I discovered some security issues as follows: 1. ASPX Security I have web application via asp.net and it is consist of following...
2
by: Craig | last post by:
I have a folder within my web application that holds a bunch of word documents. I have security setup to use forms authentication. If I try and access a .aspx page that is not listed in my...
4
by: sunniyeow | last post by:
Hi, My question is regarding password protecting 2 different folders inside a single virtual directory using forms authentication method. Easier if I illustrate things out... - <authentication...
7
by: Alan Silver | last post by:
Hello, Sorry this is a bit wordy, but it's a pretty simple question... I have a web site, http://domain/ which is a public site, part of which (http://domain/a/) is protected by forms...
1
by: Ronald S. Cook | last post by:
In my ASP.NET 2.0 Web app, I want to make some files inaccessible to unauthenticated users. Using Forms Authentication, this works fine for ..aspx pages, but not for regular old .htm pages. How...
1
by: djnokturnal | last post by:
Hey guys/gals, I have successfully implemented forms authentication on my site: <authentication mode="Forms"> <forms loginUrl="/Members/Login.aspx" timeout="20"...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
0
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
0
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
0
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
0
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.