Restricting access to sub folders and files.

Discussion in 'ASP .Net Security' started by Jason Titcomb, Jun 20, 2007.

  1. Hello All,
    I would like to restrict access to a folder and all it's sub-folders and
    files.
    Using VS2005, ASP.NET 2.0, Forms Authentication, IIS6

    The web.config in the root of the site has the following in the config and
    it works.
    It redirects a new user to the login page just fine.
    <location path="Movies.aspx">
    <system.web>
    <authorization>
    <deny users="?"/>
    </authorization>
    </system.web>
    </location>

    The Movies.aspx renders available movies to watch depending on the
    querystring.
    The trouble is that if after watching the movie the user can see the url to
    the movie.
    If the user accesses the movie url directly it will bypass the
    authentication.
    I would like to have the location in the web.config specify a folder,
    sub-folders and all files.

    I tried creating a web.config in the Movies folder as follows.
    <configuration>
    <location>
    <system.web>
    <authorization>
    <allow users="?"/>
    </authorization>
    </system.web>
    </location>
    </configuration>
    It seems that the documentation said that if the location did not specify a
    path it would imply all child folders.
    This does not work for me.
    Any help would be appreciated.
    Jason
     
    Jason Titcomb, Jun 20, 2007
    #1
    1. Advertisements

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.