Forms authentication to secure various static content?

  • Thread starter Michael Brandt Lassen
  • Start date
M

Michael Brandt Lassen

Hi there gurus,

I’d like to secure both dynamic AND STACIC content (html-files, gif’s,
Office documents etc.) using forms authentication.

In my ASP.net 2.0 test application forms authentication secures all content
out of the box on the ASP.net Development Server. However, publishing the
application to IIS only dynamic content is secured.

Elsewhere I’ve read how to configure IIS to service html-files through the
aspnet_isapi.dll, this extents forms authentication to secure html-files. But
I need to secure gif’s, office documents etc. on IIS just as the default
behavior of the ASP.net Development Server. How can this be accomplished?
I’ve had no luck sending say .doc documents through aspnet_isapi.dll.

In how many other significant areas are the behavior of the ASP.net
Development Server different that the default behavior of IIS 6.0. If no one
knows, can ASP.net Development Server then be trusted for any serious
development?

Can the problem be solved using ASP.net 1.1 as well?

Best regards,

Michael Brandt Lassen
3F, Denmark
 
M

Michael Brandt Lassen

Hi Dominic

Thanks for your reply.

After reading you articles and doing various experiments, I still don’t get
it.

I’ve tried what seems to me every possible combination of along your advice,
configuring IIS with specific application extensions or wild card application
maps, registering the default http handler in both machine.config and
web.config. My results range from no effect, over 404-errors, to requests
that never seem to return from IIS.

I’m Sorry to bother you, but I’m afraid I need a more precise guidance on
how exactly to enable say forms authentication of htm and gif’s, and/or the
wild card strategy.

You write:

“In ASP.NET […] All unknown file extensions are now handled by a class
called DefaultHttpHandler.â€

Is this default handler enabled by default? Or do I have to, and in which
configuration file should I write:

<add path="*" verb="GET,HEAD,POST" type="System.Web.DefaultHttpHandler"
validate="True" />

Is this configuration to be combined with a wildcard application maps in IIS
pointing to the asp.net isapi dll?

Thanks a bunch,

Michael Brandt Lassen, Developer & Architect
3F, Denmark
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Unable to establish secure connection with the server 2
Forms Authentication with Active Directory 3
Securing a directory and its files with forms authentication 1
deploy authentication 'forms' 0
Can't use forms authentication when using IIS 5
Login Control / Forms Authentication with ActiveDirectoryMembersh 0
Forms Authentication - Sudden Redirect Failure on Login 14
How to bypass forms-based authentication 0

Members online

Total: 22 (members: 2, guests: 20)
Robots: 293

Forum statistics

Threads
473,755
Messages
2,569,535
Members
45,007
Latest member
obedient dusk

Latest Threads

Top