secure paths in web.config file

From: Terry (NTuser_Man@msn.com)
Date: 03/18/03


From: NTuser_Man@msn.com (Terry)
Date: 18 Mar 2003 08:16:15 -0800


Howdy,

The secure paths in my web.config file prevent users from loading aspx
documents without first logging in. However the secure paths do not
prevent users from loading asp documents without first logging in. Is
that how the secure paths are supposed to work or am I doing something
incorrectly?

Thanks,

--Terry

Attached: samples from my web.config file.

<!-- This one works as expected. -->
<location path="Administrator/default.aspx">
        <system.web>
                <authorization>
                        <allow roles="Admin, Developer" />
                        <deny users="*" />
                </authorization>
        </system.web>
</location>

<!-- This one lets users in without first logging in. -->
<location path="Administrator/default.asp">
        <system.web>
                <authorization>
                        <allow roles="Admin, Developer" />
                        <deny users="*" />
                </authorization>
        </system.web>
</location>