non asp.net page accessible

[Kasumo Morris]

Hi all,

I have an asp.net application configured with forms authentication. When I
request a non asp.net page (as an example, a crystal report file) without
first logging into the application, IIS still serves up the file.

I was wondering if any of you out there have encountered this behavior and
what configuration setting were applied to resolve this behavior. I want
all non authenticated session to redirect to the login page.

Thanks in advance
Kasumo

 

[Richard Brown]

Hi all,

I have an asp.net application configured with forms authentication. When I
request a non asp.net page (as an example, a crystal report file) without
first logging into the application, IIS still serves up the file.

I was wondering if any of you out there have encountered this behavior and
what configuration setting were applied to resolve this behavior. I want
all non authenticated session to redirect to the login page.

Thanks in advance
Kasumo

Take a look at the crystal report viewer in VS2005 looks like it may be
the answer to your problems.

 

[bruce barker \(sqlwork.com\)]

if you want asp.net forms authenication for a file, you must map its
extension to asp.net (see mappings under application configuration in IIS).
there is a perfomance cost to having asp.net server a file rather than iis.

-- bruce (sqlwork.com)

 

[Kasumo Morris]

Richard,

I not that concern about crystal report, it was only metioned as an example
of a non asp.net page, by which I mean a file type not configure to the
asp.net process.

 

[joeldsouza]

What Bruce suggests is what one would normally do on IIS5.x

If you're using IIS 6.0, I'd suggest setting up Wildcard Mapping. You
can find explicit steps here :
http://asp.net/QuickStart/aspnet/doc/tipstricks/default.aspx#securingnonaspnetcontent