Block access to zip files using access rules

T

Torben Laursen

I have a website where the user can download zip files after logging in.
In the site I use access rules to control who can control what.

However to my big surprise the user cannot access aspx files in a folder
without logging in but he can access zip files without any problems!
The config file for the folder is this:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow roles="members" />
<deny users="?" />
<deny users="*" />
</authorization>
</system.web>
</configuration>

Does anyone know how I block the access of zip files in a folder so only
people who are logged in can access them?

Thanks Torben
 
B

bruce barker

by default (for performance reasons) non asp.net file are not mapped to
asp.net for processing. thus asp.net security has no effect. in iis you need
to map the zip files to be processed by asp.net

-- bruce (sqlwork.com)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to connect to shared folder and access files from it using python 1
Access to external javascript file denied 0
I need help in understanding these files on my phone, Could someone help me understand these files? Urgent help needed. Please help. 1
web.Config Deny access not working??? 2
Blocking Direct URL Access through web config 1
Vercel/NextJS: How to access serverless functions from frontend during local development? 0
Forms Authentication Access Rules 1
Role authorization, if denied access, how NOT to kick back to login? 7

Members online

Total: 36 (members: 2, guests: 34)
Robots: 431

Forum statistics

Threads
473,769
Messages
2,569,577
Members
45,052
Latest member
LucyCarper

Latest Threads

Top