aspnet_isapi.dll security limit access to all but 1 file

I am trying to limit access to folders in the web per user. I have tried two
different approaches, neither of which I can get to work correctly. I have a
windows 2003 r2 server, asp.net 2.0, front page extensions installed.
My setup looks like this:
/webvirtualdirectory/users/tom/..
/webvirtualdirectory/users/bob/..
etc.. where the webvirtualdirectory is an application.

I am using forms authentication, using sql 2005. I want tom to be able to
access files such as html, pdf, jpg, etc that he dynamically creates or
upload to his folder, but not be able to access anything in bobs folder,
including html files. Likewise for bob. The users are created dynamically,
so I do not who they are ahead of time, nor could I manage them
individually.

Attempt 1:
I have tried adding an additional application extension mapping in the web
site configuration, mapping .pdf to aspnet_isapi.dll (.net 2.0). Then in the
users folder (i.e. users/bob), a web.config is dynamically created when the
user is created that gives the user rights to everything in that folder.
This does not work, no pdf's (or other files such as html) are served by the
server. I receive a
a.. Error Code 64: Host not available
a.. Background: The connection to the Web server was lost.

Attempt 2:
I have tried the web configuration tool, supplied with visual studio, to
limit access to the folder for the user, such as bob. This appears to have
no impact on limiting access to files that are not mapped to the
aspnet_isapi.dll. So basically no security on files or folders.

Now I also have some static content at the root level that I do want to
allow anonymous access to, such as 1 pdf file and 1 html file. I believe the
site wide security is set properly for the remainder of the pages because if
I try to go an aspx page that is not explicitly allowed in the web.config,
the anonymous user is automatically redirected to a login page, and the page
is not shown.

Not sure what I am missing here, any help is greatly appreciated, or if you
think I should post to a different group.

Thanks,
Jeff


.

Relevant Pages

  • aspnet_isapi.dll security limit access to folders
    ... I am trying to limit access to folders in the web per user. ... upload to his folder, but not be able to access anything in bobs folder, ... including html files. ... Likewise for bob. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: HTML File Display Anomaly
    ... Downloaded several HTML files to a folder on the desktop. ... one and it displays all garbled up in ANY browser, ... Copy/move any file out to the desktop and dbl-clicking it looks ok in ...
    (microsoft.public.windowsxp.general)
  • Re: Disable Rendering of Windows Explorer Icons?
    ... They're HTML files. ... information in folder tips" and "Show pop-up description for folder ... 99% with the exception of loading the extra file information? ...
    (microsoft.public.windowsxp.general)
  • Re: HTML File Display Anomaly
    ... Downloaded several HTML files to a folder on the desktop. ... Copy/move any file out to the desktop and dbl-clicking it looks ok in ... Now what may have happened, is that when you saved it to your folder, you saved it as "html only" (which only downloads the .html files and not their support files). ...
    (microsoft.public.windowsxp.general)
  • Re: No Pictures...Pages will not link
    ... I think perhaps that you did indeed upload the *contents* of the index_files ... folder, but you didn't upload the *folder* with the contents within. ... Go up to your site and delete all the Publisher html files including all the ... Compress graphics file sizes to create smaller Publisher Web ...
    (microsoft.public.publisher.webdesign)