Re: Forms authentication to secure various static content?
From: Michael Brandt Lassen (MichaelBrandtLassen_at_discussions.microsoft.com)
Date: 11/24/05
- In reply to: Dominick Baier [DevelopMentor]: "Re: Forms authentication to secure various static content?"
Date: Thu, 24 Nov 2005 12:12:02 -0800
Hi Dominick
Thanks for your reply.
After reading your articles and doing various experiments, I still don’t get
it.
I’ve tried what seems to me every possible combination along the lines of your advice,
configuring IIS with specific application extensions or wild card application
maps, registering the default http handler in both machine.config and
web.config. My results range from no effect, over 404-errors, to requests
that never seem to return from IIS.
I’m sorry to bother you, but I’m afraid I need more precise guidance on
how exactly to enable, say, forms authentication of htm and gif’s, and/or the
wild card strategy.
You write:
“In ASP.NET […] All unknown file extensions are now handled by a class
called DefaultHttpHandler.”
Is this default handler enabled by default? Or do I have to, and in which
configuration file should I write:
<add path="*" verb="GET,HEAD,POST" type="System.Web.DefaultHttpHandler"
validate="True" />
Is this configuration to be combined with a wildcard application map in IIS
pointing to the asp.net isapi dll?
Thanks a bunch,
Michael Brandt Lassen, Developer & Architect
3F, Denmark
"Dominick Baier [DevelopMentor]" wrote:
> Hello Michael,
>
> I wrote an article about that:
>
> http://www.leastprivilege.com/ProtectingNonASPNETResourcesWithASPNET20.aspx
> http://www.leastprivilege.com/MoreOnProtectingStaticResourcesWithASPNET20.aspx
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > Hi there gurus,
> >
> > I'd like to secure both dynamic AND STATIC content (html-files, gif's,
> > Office documents etc.) using forms authentication.
> >
> > In my ASP.net 2.0 test application forms authentication secures all
> > content out of the box on the ASP.net Development Server. However,
> > publishing the application to IIS only dynamic content is secured.
> >
> > Elsewhere I've read how to configure IIS to service html-files through
> > the aspnet_isapi.dll; this extends forms authentication to secure
> > html-files. But I need to secure gif's, office documents etc. on IIS
> > just as the default behavior of the ASP.net Development Server. How
> > can this be accomplished? I've had no luck sending say .doc documents
> > through aspnet_isapi.dll.
> >
> > In how many other significant areas is the behavior of the ASP.net
> > Development Server different from the default behavior of IIS 6.0? If
> > no one knows, can ASP.net Development Server then be trusted for any
> > serious development?
> >
> > Can the problem be solved using ASP.net 1.1 as well?
> >
> > Best regards,
> >
> > Michael Brandt Lassen
> > 3F, Denmark
> > Michael Brandt Lassen, Developer & Architect
> > 3F, Denmark
>
>
>