Re: Forms authentication to secure various static content?

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 11/24/05

• Next message: Roel: "forms authentication across multiple web servers"
• Previous message: Dominick Baier [DevelopMentor]: "Re: Single sign-on?"
• Next in thread: Michael Brandt Lassen: "Re: Forms authentication to secure various static content?"
• Reply: Michael Brandt Lassen: "Re: Forms authentication to secure various static content?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 24 Nov 2005 05:00:18 -0800

Hello Michael,

i wrote an article about that:

http://www.leastprivilege.com/ProtectingNonASPNETResourcesWithASPNET20.aspx
http://www.leastprivilege.com/MoreOnProtectingStaticResourcesWithASPNET20.aspx

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi there gurus,
>
> I'd like to secure both dynamic AND STACIC content (html-files, gif's,
> Office documents etc.) using forms authentication.
>
> In my ASP.net 2.0 test application forms authentication secures all
> content out of the box on the ASP.net Development Server. However,
> publishing the application to IIS only dynamic content is secured.
>
> Elsewhere I've read how to configure IIS to service html-files through
> the aspnet_isapi.dll, this extents forms authentication to secure
> html-files. But I need to secure gif's, office documents etc. on IIS
> just as the default behavior of the ASP.net Development Server. How
> can this be accomplished? I've had no luck sending say .doc documents
> through aspnet_isapi.dll.
>
> In how many other significant areas are the behavior of the ASP.net
> Development Server different that the default behavior of IIS 6.0. If
> no one knows, can ASP.net Development Server then be trusted for any
> serious development?
>
> Can the problem be solved using ASP.net 1.1 as well?
>
> Best regards,
>
> Michael Brandt Lassen
> 3F, Denmark
> Michael Brandt Lassen, Developer & Architect
> 3F, Denmark

---

• Next message: Roel: "forms authentication across multiple web servers"
• Previous message: Dominick Baier [DevelopMentor]: "Re: Single sign-on?"
• Next in thread: Michael Brandt Lassen: "Re: Forms authentication to secure various static content?"
• Reply: Michael Brandt Lassen: "Re: Forms authentication to secure various static content?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: IIS ... I believe that once the source code is open source, ... Subject: IIS ... are a myriad of options to hardening an IIS box than just patches. ... worked with many and would answer this with, the system is as secure as the ... (Security-Basics) Re: How to secure IIS? ... XP as well, because even if you don't install IIS, there are still a number ... If you think Windows 98 is secure, ... easy to attack, if there's no firewall... ... IIS security checklists] 3) install firewall and antivirus, ... (microsoft.public.inetserver.iis.security) RE: IIS ... Apache is much more secure by default. ... irony I run IIS but this because I know how to harden it). ... recipient, or an employee or agent responsible for delivering this ... (Security-Basics) Re: Login Page ... > I am looking for a way to make my website secure. ... > authentication tied into a login page. ... Dim strADsPath ... Tom Kaminski IIS MVP ... (microsoft.public.dotnet.framework.aspnet) Re: Login Page ... > I am looking for a way to make my website secure. ... > authentication tied into a login page. ... Dim strADsPath ... Tom Kaminski IIS MVP ... (microsoft.public.inetserver.iis)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)