Web.Config settings.

From: Sunit Joshi (sjoshi_at_ingr.com)
Date: 08/26/03 

Date: 26 Aug 2003 06:51:22 -0700

Hello All
I have setup my web.config file the following way and was wondering if
it's correct. Basically I want to deny access to un-authenticated
users except for some special folders and files.

<authentication mode="Forms">
        <forms name="SkmLogin" loginUrl="Users/Login.aspx"
timeout="60"></forms>
</authentication>

<authorization>
     <deny users="?" />
</authorization>
<!-- Special Folder at the root -->
<location path="Config">
 <system.web>
        <authorization>
                <allow users="*" />
        </authorization>
 </system.web>
</location>
<!-- Special file -->
<location path="Users/RetrievePwd.aspx">
 <system.web>
        <authorization>
                <allow users="*" />
        </authorization>
 </system.web>
</location>

But somehow the ASPNET user is unable to read a file from Config
folder eventhough I have set allow ="*"
Any ideas what might be wrong here..??

thanks
Sunit

Relevant Pages

  • Server 2003 custom setup
    ... Is there a way to force the setup to partition an empty disk into ... 'special folders' locations on the fly? ... I've used Setup Manager to create an unattend.txt file but don't fully ...
    (microsoft.public.windows.server.setup)
  • Re: Kerio pops up warning when Im typing, risks allowing connection
    ... As for stopping the popup queries, you could add a rule to default deny access to all (ports, addresses, programs) as a last rule after whatever rules list you have setup already. ...
    (comp.security.firewalls)