Protect EXE using defaulthttphandler?

Discussion in 'ASP .Net' started by andy@felsconsulting.co.uk, Mar 7, 2007.

  1. Guest

    Hi

    I have a website which i have secured using forms authentication. I
    have also secured htm, pdf, doc, xls files using the httphandlers
    section in the web.config and routing the requests from IIS thru
    dotnet.

    Now I need to secure a .exe application in a subdir. I have made it so
    we have to login, but I cannot get the application to run.... I have
    tried using the defaulthttphandler in the web.config but the browser
    just says the page is unreachable.

    The .exe is a third party product so we cannot change it. Its
    basically some sort of cgi app which works fine if we just call it via
    the url http:\fred\gateway.exe?someparams (and remove the mapping in
    IIS).

    Do i need to write my own httphandler to execute the exe and return
    the web page. If so has anyone done this and can give an example?

    The line in the web.config in the httphandlers section i currently
    have is
    <add path="*.exe" verb="*" type="System.Web.DefaultHttpHandler"
    validate="true" />

    Please tell me this can be done or the line above is incorrect.......

    Thanks
     
    , Mar 7, 2007
    #1
    1. Advertising

  2. Give the folder containing the CGI executable Execute permission (as opposed
    to script permission).

    --
    HTH,

    Kevin Spencer
    Microsoft MVP

    Help test our new betas,
    DSI PrintManager, Miradyne Component Libraries:
    http://www.miradyne.net

    <> wrote in message
    news:...
    > Hi
    >
    > I have a website which i have secured using forms authentication. I
    > have also secured htm, pdf, doc, xls files using the httphandlers
    > section in the web.config and routing the requests from IIS thru
    > dotnet.
    >
    > Now I need to secure a .exe application in a subdir. I have made it so
    > we have to login, but I cannot get the application to run.... I have
    > tried using the defaulthttphandler in the web.config but the browser
    > just says the page is unreachable.
    >
    > The .exe is a third party product so we cannot change it. Its
    > basically some sort of cgi app which works fine if we just call it via
    > the url http:\fred\gateway.exe?someparams (and remove the mapping in
    > IIS).
    >
    > Do i need to write my own httphandler to execute the exe and return
    > the web page. If so has anyone done this and can give an example?
    >
    > The line in the web.config in the httphandlers section i currently
    > have is
    > <add path="*.exe" verb="*" type="System.Web.DefaultHttpHandler"
    > validate="true" />
    >
    > Please tell me this can be done or the line above is incorrect.......
    >
    > Thanks
    >
     
    Kevin Spencer, Mar 7, 2007
    #2
    1. Advertising

  3. Guest

    Thanks for the suggestion, but I have already done this, and can be
    proved by removing the mapping in IIS of .exe to the dotnet
    executeble. The exe works fine then, but once its remapped, it
    authenticates then just gives an "Internet Explorer cannot display the
    webpage" error.

    Any more ideas??

    Thanks


    On 7 Mar, 13:26, "Kevin Spencer" <> wrote:
    > Give the folder containing the CGI executable Execute permission (as opposed
    > to script permission).
    >
    > --
    > HTH,
    >
    > Kevin Spencer
    > Microsoft MVP
    >
     
    , Mar 7, 2007
    #3
  4. Guest

    Well finally made it work, it was very simple in the end..... I shall
    explain cos google did not have any answers for this.....

    Basically I had misunderstood setting IIS to route the requests to the
    dotnet exe.
    What I did was to route individual requests by
    adding .exe, .htm, .html, .pdf to the application extensions section.
    What I should have done was just add the dotnet dll to the wildcard
    application maps just below it.

    Because I had set the application extensions I was in fact creating a
    circular reference, in that it would route it to dotnet. When i was
    asking .exe. to go back to the defaulthttphandler it looked in the app
    extensions and sent it back to dotnet.......
    Now all requests for files goto dotnet and are then automatically sent
    back to the correct handlers. This means the authentication kicks in
    nice and easy.

    You do not even need to add a httphandlers section in the web.config
    file either, cos in the main.config it routes all unhandled types back
    to IIS.

    Its very easy when you know how..........................
    Cheers
     
    , Mar 13, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ricky Koh
    Replies:
    4
    Views:
    408
    Scott Condit
    Aug 27, 2003
  2. Bill
    Replies:
    8
    Views:
    565
  3. Replies:
    11
    Views:
    1,010
    Mark Rae
    Mar 7, 2007
  4. tiewknvc9
    Replies:
    2
    Views:
    931
    victor at sevencoins dot com
    Oct 9, 2006
  5. Sangeeta Huddar
    Replies:
    1
    Views:
    137
    Sangeeta Huddar
    Feb 27, 2009
Loading...

Share This Page