Web.config security for non-aspx files

  • Thread starter Gustavo De la Espriella
  • Start date
G

Gustavo De la Espriella

Hi,
We are developing a file repository, and we are using Forms authentication
security.
We dynamically create the Web.config files in each directory and it works
perfectly for aspx files, but it doesnt work for any other file (.zip, .jpg,
..doc, etc) it allows anyone to access them.

For example, a Web.config in a directory is:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<customErrors mode="Off" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

But still allows anyone to access all the files in the directory.

Please help,

Gustavo
 
V

Vadim Chekan

asp.net can handle only files IIS delegate it to handle.
For each file extention .aspx, .asax, .asmx, etc. there is a record in
settings in IIS that redirects query to certain handler.
You have to add your extention to be handled by asp.net framework, and
than asp.net will be able handle it.
 
S

Shiva

Hi,
For such non-ASP.NET resource requests, you should let ASP.NET ISAPI handle
those requests.
The steps do to this are detailed @
http://www.dotnetjunkies.com/Article/F32DFC79-3AE7-4D9D-BF1D-91B4B6D130C7.dcik

HTH.

Hi,
We are developing a file repository, and we are using Forms authentication
security.
We dynamically create the Web.config files in each directory and it works
perfectly for aspx files, but it doesnt work for any other file (.zip, .jpg,
..doc, etc) it allows anyone to access them.

For example, a Web.config in a directory is:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<customErrors mode="Off" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

But still allows anyone to access all the files in the directory.

Please help,

Gustavo
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

aspx security? 1
Custom Errors for non .aspx files 1
ASP.Net Web.config security question 7
location element in web.config 1
web.config error 0
Block access to zip files using access rules 1
web.Config Deny access not working??? 2
Web Service & Web.Config 1

Members online

Total: 41 (members: 2, guests: 39)
Robots: 86

Forum statistics

Threads
473,780
Messages
2,569,611
Members
45,278
Latest member
BuzzDefenderpro

Latest Threads

Top