Securing content via .NET ISAPI filter

Discussion in 'ASP .Net Security' started by Bill Belliveau, Apr 27, 2005.

  1. I’m trying to protect some content on a web application from un-authenticated
    users based on forms authentication.

    So far I’ve added the extension (.swf) to the application configuration in
    IIS. If I select the checkbox ‘Script engine’, all works fine except for the
    fact that you can directly access the object by a specific url without
    authentication, assuming you know the path. With the ‘Script engine’
    disabled no one, including authenticated users, cannot access the resources.

    I’ve reset the file permission on the site to default to no avail. The site
    is running on Windows 2003 server using only anonymous access and an
    application pool running with the identity of local system.

    I am not authenticating the forms logon using the typical methodology of
    “FormsAuthentication.RedirectFromLoginPageâ€, rather users are given an
    encrypted URL that contains what access they are allowed. I am using
    FormsAuthentication.SetAuthCookie(strEmail, false); to acknowledge the access.

    The authentication appears to be work properly as I can test (e.g. bool test
    = Context.User.Identity.IsAuthenticated;) with returns the correct results.

    There appears to be a crucial issue I’m apparently missing.. Any Ideas?

    Thanks,
    Bill Belliveau
    Bill Belliveau, Apr 27, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michael Shutt
    Replies:
    0
    Views:
    799
    Michael Shutt
    Jun 26, 2003
  2. Anonieko Ramos
    Replies:
    0
    Views:
    1,202
    Anonieko Ramos
    May 12, 2004
  3. Jon Maz
    Replies:
    2
    Views:
    4,578
    Jon Maz
    Sep 30, 2004
  4. Yet another C# coder

    ISAPI Filter in C# .NET 2.0

    Yet another C# coder, Oct 12, 2005, in forum: ASP .Net
    Replies:
    4
    Views:
    9,526
    Bruce Barker
    Oct 12, 2005
  5. Guest
    Replies:
    0
    Views:
    310
    Guest
    Sep 14, 2007
Loading...

Share This Page