Handling Authentication for all elements on a website

[Guest]

A Dilemma that I keep being faced with is a scenario where I require
authentication on virtually everything. HTMl files, GIF files, XML files,
JavaScript files and etc. And I am constantly dealing with Administrators
who refuse to allow me to map items so that asp.net handles authentication
for it.

I am wondering is it possilbe to make ASP.NET handle the authentication
for documents such as .HTML/.gif/.xml/.js without having to manually have
access to the server and assigning all files to be handled by IIS?

 

[Guest]

You can add the file name into the web.config

This way:

<location path="Default.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="defualt.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="picture.gif">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

 

[Scott Allen]

With IIS 5 & 6 you have to route requests to the ASP.NET runtime
through script mappings.

Perhaps you could give them a script or program to run on the server
and perform the configuration programatically?

 

[Guest]

I think if the problem were that simple, then I would not be posting the
problem. <location only works if the file is mapped to IIS. The files cannot
be be mapped to IIS for external administrative reasons, reasons that go
beyond not having physical or remote control of the server.

I am wondering if other people have been responsible for securing
non-asp.net content that have needed to share the same credentials as the
asp.net application and have been faced with the above restrictments. And if
so whether they had come up with something that was useful..

 

[Steven Cheng[MSFT]]

Hi Recoil,

Thanks for your posting. As for router the authentication request of the
static contens to asp.net , I'm afraid there is no any means currently.
Since the IIS directly handle the coming requests , the asp.net won't have
chance to join the request processing. Curently I think the only means are :
1. contact the web host's admin for configuring the static contents's
extentsion to ASPNET isapi dll.

2. Output those contents(images or scripfiles) dynamically through a custom
asp.net httphandler.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)