Making all theme files available before authentication

Discussion in 'ASP .Net Security' started by David Thielen, Nov 12, 2006.

  1. Hi;

    My login page uses css and gif files from the theme. Since the user can
    change the theme in the web.config file, is there a way to say any file (or
    preferably any .css, .gif, or .jpg file) anywhere under App_Themes can be
    read by un-authenticated users?

    Otherwise if a sysadmin changes the theme in web.config, they have to know
    to change the location nodes too.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm
    David Thielen, Nov 12, 2006
    #1

  2. Hi Dave,

    As for those theme resources like css, gif, jpg ... files under the Theme and
    sub theme folders, by default they will be available to all users no matter
    whether they have been authenticated or not (suppose you are using
    forms authentication + membership + role).

    As far as I know, we may meet some problems accessing static resource
    items as an unauthenticated (login) user when developing through the VS
    2005/.NET 2.0 test server, because the test web server will process all the
    requests from the browser (no matter whether the requested file is a static
    one -- css, js -- or a dynamic one -- aspx, ascx).

    Are you encountering the problem when developing through the test server,
    or do you also meet the problem in the IIS hosted scenario?


    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead



    This posting is provided "AS IS" with no warranties, and confers no rights.
    Steven Cheng[MSFT], Nov 13, 2006
    #2

  3. Oh - good point. I will try on IIS.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm
    David Thielen, Nov 13, 2006
    #3
  4. Works fine under IIS - can you report this as a bug in the VS 2005 web server?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm
    David Thielen, Nov 13, 2006
    #4
  5. This is not a bug - it is just that Cassini and IIS handle things differently...

    http://www.leastprivilege.com/CassiniConsideredHarmful.aspx

    ---
    Dominick Baier, DevelopMentor
    http://www.leastprivilege.com
    Dominick Baier, Nov 13, 2006
    #5
  6. Thanks for Dominick's input.

    Hi Dave,

    Yes, this is actually the expected behavior in the test server, since the
    test server doesn't have raw ISAPI filters and extensions as IIS does.
    Therefore, all the requests (no matter static or dynamic files) will be
    handled by the ASP.NET engine. So when testing through the test server, we
    need to take a bit more care in such scenarios.

    Anyway, I agree that this should be one of the things the ASP.NET team can
    improve for a further release. I would suggest you submit this in the product
    feedback center:

    http://connect.microsoft.com/feedback/default.aspx?SiteID=210


    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead



    This posting is provided "AS IS" with no warranties, and confers no rights.
    Steven Cheng[MSFT], Nov 14, 2006
    #6
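
Added example, not part of any post in this thread: a web.config fragment that opens the whole App_Themes folder to anonymous users with a single location node, so switching the theme does not require touching the authorization rules. The login URL, the site-wide deny rule and the theme name "Blue" are assumptions for illustration.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Assumed site setup: forms authentication, anonymous users denied everywhere. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- The sysadmin changes only this value; "Blue" is a placeholder theme name. -->
    <pages theme="Blue" />
  </system.web>

  <!-- One rule for the App_Themes folder and everything below it, instead of
       one location node per theme. It matters wherever ASP.NET itself handles
       static files, as the VS 2005 test server does. -->
  <location path="App_Themes">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

A location path names a file or folder, not an extension pattern, so this rule exposes every file under App_Themes to unauthenticated requests. Keep only presentational files (css, gif, jpg) in that folder.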