Hi Pony,
Yes, as shimon has mentioned, if you want to let the image files also
utilize the ASP.NET url authorization protection, you need to configure the
IIS to forward requests (for those image files) to ASP.NET's extension
dll(aspnet_isapi.dll).
Basically, in IIS, most request for static files, such as txt, css, gif,
jpg, js..... will be directly processed by IIS instead of ASP.NET runtime
engine. that's why you find that the protection rules(url authorizaiton)
you set in web.config doesn't take effect for image files. To configure
this, you can use the IIS manager (inetmgr.exe) and locate your
application's virtual directory, in the property dialog, choose "virutal
directory" tab, and click the "Configuration" button on the sheet, you'll
find all the extension mapping for that virtual directory( generally
they're inherited from parent virtual directory or IIS site). You can add a
new extension for the file extension which you want to let ASP.NET process
it. Here is a web article which has mentioend on such setting:
#Protecting Files with ASP.NET
http://aspnet.4guysfromrolla.com/articles/020404-1.aspx
#Setting Application Mappings in IIS 6.0 (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4
c840252-fab7-427e-a197-7facb6649106.mspx
BTW, basically it will have better performance if we let IIS directly
process those static files, so you need to think it over whether you do
need to let ASP.NET take the ownership of the processing on those requests.
Hope this helps.
Regards,
Steven Cheng
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)