Re: ASP application using ASP.NET Forms Authentication

On Jun 6, 9:58 pm, Leandro David <leandro...@xxxxxxxxx> wrote:
Let me explain the problem:

I have an application with lots and lots of .asp files. At the moment
we don´t have time and people enough to recode all the .asp pages
to .aspx pages.

Today we do user authentication using sessions at .asp files.

But the biggest problem in the moment is the authentication in other
types of files, like html, jpg, pdf and other files. These are users
files, and they are stored at specific folders in the server. I saw
somewhere that using forms autentication I can configure the
web.config file to deny unauthenticated people to read the files in
these folders, after configuring the mapping in IIS for extensions
like .htm, .jpg, .pdf... . This is the unique resource I plan to use

What I´m planning now is to keep the authentication as it is done
today (using sessions) at the .asp files ( it works ok) and, when the
user log in the application, redirect to a login.aspx page where the
forms authentication is done automaticaly. This way I can configure
web.config in the folders that have users files.

Is it possible or still makes no sense ?

Thanks for the help,

Leandro

Hi, Leandro

I think I understand the problem now. You can map html, jpg, pdf to an
aspnet_isapi.dll ISAPI handler to proceed to the requested file with
ASP.NET Forms Authentication. But I think you could have another issue
here: for example, a jpg protected and included in the protected asp
would require double authentication - one for asp and one for jpg. If
you don't have such case, then your idea with ASP.NET Forms
Authentication should work.

I've found an article about integrating ASP.NET Security with Classic
ASP and Non-ASP.NET URLs

http://weblogs.asp.net/scottgu/archive/2007/03/04/tip-trick-integrating-asp-net-security-with-classic-asp-and-non-asp-net-urls.aspx

Hope it helps you to find the right way :-)

.

Relevant Pages

  • Re: ADSI Authentication using ASP - Problem
    ... ASP application over the web. ... "Basic Authentication" enabled. ... Dim oRootDSE As IADs ... strPassword As String, strUserADSPath As String ...
    (microsoft.public.inetserver.iis.security)
  • Re: Cant make a domain user the "anonymous access" user
    ... I have tried both with and without Integrated authentication enabled. ... I get a login prompt if I am using an NTLM-capable ... I can then authenticate using the domain account ... Pool containing this ASP page ...
    (microsoft.public.inetserver.iis.security)
  • Re: Newbie Needs Help!
    ... >> based authentication via SQL Server for a section of our corporate web ... >> I know classic ASP quite well, but the ASP .NET world is very different. ... >> Will IIS 5.0 support ASP .Net's built in methods for the integrated form ... > You can map the aspnet ISAPI dll to these other file extensions in IIS, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: ASP using ADSI
    ... I'm using ASP because I know nothing of .net. ... My environment is an NT4 domain that is being migrated to W2K3 AD domain. ... Now the issues revolve around authentication. ... When you say you set up a service account, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Single Sign On
    ... project (traditional ASP) that authenticates against TAM and am developing ... the portal site makes a call to an ASP.NET web service ... > user accesses one of the ASP.NET apps, ... so enabling Forms Authentication allows the ASP.NET app ...
    (microsoft.public.dotnet.framework.aspnet)