web.config

[olap]

do you know why if i've got an entry in the web.config like this:

<location path="Reportistica/Cruscotto">
<system.web>
<authorization>
<allow users="Domain\MArio"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

it works

instead if i've got an entry like this:


<location path="Reportistica/Cruscotto/OLAP/Page.htm">
<system.web>
<authorization>
<allow users="Domain\MArio"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

it doesn't work, and everyone can access that page?


thx

 

[Joe Kaplan \(MVP - ADSI\)]

Most likely this is because .htm files are not served by the ASP.NET
runtime, but are served by IIS directly. Therefore, this request never
enters the ASP.NET pipeline and the security is not enforced.

I've seen references on how to set up ASP.NET to handle other types of
requests such as htm and image files. However, you might be better off just
converting this page to an aspx page so you don't have to go through that
hassle.

Joe K.

 

[ranganh]

Dear Olap,

The htm files are not served by asp.net and are served by IIS itself. To enable security for that page, go to your application's virtual directory.

Go to Properties, Configuration and in the list, click add to add the .htm extension and set the same properties as that of the one's for .aspx which is being listed in the grid.

Once you are done with that, the htm files will be served by asp.net and the security would be enforced.

hope it helps.