G
Gustavo De la Espriella
Hi,
We are developing a file repository, and we are using Forms authentication
security.
We dynamically create the Web.config files in each directory and it works
perfectly for aspx files, but it doesnt work for any other file (.zip, .jpg,
..doc, etc) it allows anyone to access them.
For example, a Web.config in a directory is:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<customErrors mode="Off" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
But still allows anyone to access all the files in the directory.
Please help,
Gustavo
We are developing a file repository, and we are using Forms authentication
security.
We dynamically create the Web.config files in each directory and it works
perfectly for aspx files, but it doesnt work for any other file (.zip, .jpg,
..doc, etc) it allows anyone to access them.
For example, a Web.config in a directory is:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<customErrors mode="Off" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
But still allows anyone to access all the files in the directory.
Please help,
Gustavo