URL Authorization in ASP.NET 2.0 not working for html and image files

Discussion in 'ASP .Net' started by pop@flink.dk, Jun 7, 2007.

  1. Guest

    Microsoft says that

    ------------
    ASP.NET version 2.0 on Windows Server 2003 protects all files in a
    given directory, even those not mapped to ASP.NET, such
    as .html, .gif, and .jpg files.
    -------------

    I have a ASP.NET 2.0 webapp on a 2003 server with the following
    Web.Config file

    <?xml version="1.0"?>
    <configuration>
    <appSettings>
    </appSettings>
    <connectionStrings/>
    <system.web>
    <compilation debug="true"/>
    <authentication mode="Forms"/>
    <authorization>
    <deny users="?"/>
    </authorization>
    </system.web>
    </configuration>

    Lets say that the app is on the following URL: www.myapp.com.
    When I access www.myapp.com/default.aspx I will correctly be
    redirected to the Login.aspx page.
    But if I try www.myapp.com/pictures/mypicture.jpg the picture is
    loaded without requiring login.
    Same happens for html pages.

    I have checked that the app is running under NET 2.0 in IIS.
    I have tried to install on 3 different 2003 servers but with no
    difference.

    What am I doing wrong?

    Hope you can help

    Thanks
    , Jun 7, 2007
    #1
    1. Advertising

  2. <> wrote in message
    news:...
    > Microsoft says that
    >
    > ------------
    > ASP.NET version 2.0 on Windows Server 2003 protects all files in a
    > given directory, even those not mapped to ASP.NET, such
    > as .html, .gif, and .jpg files.
    > -------------
    >
    > I have a ASP.NET 2.0 webapp on a 2003 server with the following
    > Web.Config file
    >
    > <?xml version="1.0"?>
    > <configuration>
    > <appSettings>
    > </appSettings>
    > <connectionStrings/>
    > <system.web>
    > <compilation debug="true"/>
    > <authentication mode="Forms"/>
    > <authorization>
    > <deny users="?"/>
    > </authorization>
    > </system.web>
    > </configuration>
    >
    > Lets say that the app is on the following URL: www.myapp.com.
    > When I access www.myapp.com/default.aspx I will correctly be
    > redirected to the Login.aspx page.
    > But if I try www.myapp.com/pictures/mypicture.jpg the picture is
    > loaded without requiring login.
    > Same happens for html pages.
    >
    > I have checked that the app is running under NET 2.0 in IIS.
    > I have tried to install on 3 different 2003 servers but with no
    > difference.
    >
    > What am I doing wrong?
    >
    > Hope you can help
    >
    > Thanks
    >


    it's true for Windows Authentication.

    What type of Authentication do you use?
    Alexey Smirnov, Jun 7, 2007
    #2
    1. Advertising

  3. Aion Guest

    On 7 Jun., 21:38, "Alexey Smirnov" <> wrote:
    > <> wrote in message
    >
    > news:...
    >
    >
    >
    >
    >
    > > Microsoft says that

    >
    > > ------------
    > > ASP.NET version 2.0 on Windows Server 2003 protects all files in a
    > > given directory, even those not mapped to ASP.NET, such
    > > as .html, .gif, and .jpg files.
    > > -------------

    >
    > > I have a ASP.NET 2.0 webapp on a 2003 server with the following
    > > Web.Config file

    >
    > > <?xml version="1.0"?>
    > > <configuration>
    > > <appSettings>
    > > </appSettings>
    > > <connectionStrings/>
    > > <system.web>
    > > <compilation debug="true"/>
    > > <authentication mode="Forms"/>
    > > <authorization>
    > > <deny users="?"/>
    > > </authorization>
    > > </system.web>
    > > </configuration>

    >
    > > Lets say that the app is on the following URL:www.myapp.com.
    > > When I accesswww.myapp.com/default.aspxI will correctly be
    > > redirected to the Login.aspx page.
    > > But if I trywww.myapp.com/pictures/mypicture.jpgthe picture is
    > > loaded without requiring login.
    > > Same happens for html pages.

    >
    > > I have checked that the app is running under NET 2.0 in IIS.
    > > I have tried to install on 3 different 2003 servers but with no
    > > difference.

    >
    > > What am I doing wrong?

    >
    > > Hope you can help

    >
    > > Thanks

    >
    > it's true for Windows Authentication.
    >
    > What type of Authentication do you use?- Skjul tekst i anførselstegn -
    >
    > - Vis tekst i anførselstegn -


    I use Forms Authentication.
    But I read somewhare that it should work for both Windows and Forms
    Authentication.
    Anyway if it was only working for Windows Authentication there where
    nothing new since this could be acompliced in .NET 1.1 by setting
    directory security in IIS :)
    Aion, Jun 10, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Curt_C [MVP]
    Replies:
    3
    Views:
    415
    Steven Cheng[MSFT]
    Apr 20, 2004
  2. J055
    Replies:
    1
    Views:
    3,131
    Steven Cheng[MSFT]
    Mar 13, 2006
  3. Replies:
    1
    Views:
    412
  4. Sagaert Johan
    Replies:
    2
    Views:
    314
    Sagaert Johan
    May 17, 2007
  5. SeanRW
    Replies:
    1
    Views:
    346
    Dominick Baier [DevelopMentor]
    May 25, 2006
Loading...

Share This Page