wildcard extension ASP.Net httphandler gives 401.3 ACL permission denied error on a directory

Discussion in 'ASP .Net Security' started by Ken Yee, Oct 6, 2005.

  1. Ken Yee

    Ken Yee Guest

    First a little background: I've written an httphandler to handle wildcard
    extensions (i.e., I want to handle all URLs that come in rather than just
    URLs w/ a specific file extension so I can give friendly names to various
    dynamic web pages). To do this, I've written an httphandler and put it
    in the web.config for my webapp (stored in the wwwroot\webapp directory).
    It works great for the most part; I get to handle any URLs below my
    webapp directory.

    The problem is, when I use a URL that references the directory, IIS seems
    to be prompting for a username/password (it's set to use anonymous and
    Windows authentication). If I turn off Windows authentication, I just
    get a 401.3 error code.

    I used sysinternal's FileMon program and can see the aspnet process
    trying to access \inetpub\wwwroot\webapp and that's why it's getting the
    error. If I do a FileMon trace w/ wildcard extensions turned off, it's
    the inetinfo process that accesses the \inetpub\wwwroot\webapp directory
    instead of the aspnet process. I've tried adding the ASPNET user to
    this directory w/ no luck. I've also tried logging in as a real user w/
    admin access when the prompt comes up w/ no luck. I've tried adding a
    default home document in IIS (e.g., default.aspx) so it should try
    loading that if it hits that directory, but it doesn't do it. I put a
    breakpoint in my custom httphandler and it never reaches it, so the
    problem is definitely happening in the aspnet process; it also happens in
    Win2K/XP/2003, so it's not operating system specific. If I access a URL
    that would map to any real directory (e.g. localhost/webapp/subdir where
    the \inetpub\wwwroot\webapp\subdir directory exists), it also prompts, so
    this seems to only happen if the URL maps to a real directory.

    Any clues on what I should try next?
    Or is this just a bug in ASP.Net? :-(
    There's very little documentation on writing wildcard httphandlers...


    (remove .SPAMGUARD to reply to email)
    Ken Yee, Oct 6, 2005
    1. Advertisements

  2. Venkat_KL

    Venkat_KL Guest

    1. Advertisements

  3. Ken Yee

    Ken Yee Guest

    RE: wildcard extension ASP.Net httphandler gives 401.3 ACL permission

    =?Utf-8?B?VmVua2F0X0tM?= <> wrote in

    > I am not very sound in this topic, but anyway you can go through the
    > following sites

    Thanks. Been through those sites already. The closest match was
    David Wang's site, but it doesn't apply in this case :-(

    Ken Yee, Oct 7, 2005
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Sosh123
    Jun 2, 2005
  2. Ken Yee
    Ken Yee
    Oct 7, 2005
  3. Jay Balapa
    johnny keung
    May 23, 2006
  4. Fox

    401.3 ACL error

    Fox, Feb 26, 2004, in forum: ASP General
    Mark Schupp
    Mar 1, 2004
  5. randyfaulkner

    ASP Pages 401.3 ACL Error

    randyfaulkner, Aug 11, 2004, in forum: ASP General
    Aug 12, 2004