Securing content via .NET ISAPI filter

Discussion in 'ASP .Net Security' started by Bill Belliveau, Apr 27, 2005.

  1. I’m trying to protect some content on a web application from un-authenticated
    users based on forms authentication.

    So far I’ve added the extension (.swf) to the application configuration in
    IIS. If I select the checkbox ‘Script engine’, all works fine except for the
    fact that you can directly access the object by a specific url without
    authentication, assuming you know the path. With the ‘Script engine’
    disabled no one, including authenticated users, cannot access the resources.

    I’ve reset the file permission on the site to default to no avail. The site
    is running on Windows 2003 server using only anonymous access and an
    application pool running with the identity of local system.

    I am not authenticating the forms logon using the typical methodology of
    “FormsAuthentication.RedirectFromLoginPageâ€, rather users are given an
    encrypted URL that contains what access they are allowed. I am using
    FormsAuthentication.SetAuthCookie(strEmail, false); to acknowledge the access.

    The authentication appears to be work properly as I can test (e.g. bool test
    = Context.User.Identity.IsAuthenticated;) with returns the correct results.

    There appears to be a crucial issue I’m apparently missing.. Any Ideas?

    Thanks,
    Bill Belliveau
     
    Bill Belliveau, Apr 27, 2005
    #1
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michael Shutt
    Replies:
    0
    Views:
    961
    Michael Shutt
    Jun 26, 2003
  2. Jeremy
    Replies:
    1
    Views:
    818
    jeremy
    Aug 29, 2003
  3. Anonieko Ramos
    Replies:
    0
    Views:
    1,389
    Anonieko Ramos
    May 12, 2004
  4. Jon Maz
    Replies:
    2
    Views:
    4,820
    Jon Maz
    Sep 30, 2004
  5. Guoqi Zheng

    ISAPI filter or http module

    Guoqi Zheng, Jan 27, 2005, in forum: ASP .Net
    Replies:
    10
    Views:
    1,268
    Ben Lovell
    Jan 27, 2005
  6. Dmitry Duginov

    GAC + Http module (ISAPI filter) problem

    Dmitry Duginov, Feb 25, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    898
    Dmitry Duginov
    Feb 26, 2005
  7. Yet another C# coder

    ISAPI Filter in C# .NET 2.0

    Yet another C# coder, Oct 12, 2005, in forum: ASP .Net
    Replies:
    4
    Views:
    9,854
    Bruce Barker
    Oct 12, 2005
  8. Guest
    Replies:
    0
    Views:
    405
    Guest
    Sep 14, 2007
Loading...