Access control?

O

Olav Tollefsen

I have the following in the Web.config file (root directory):

<authentication mode="Forms">
<forms name="Login"
loginUrl="Login.aspx"
protection="All"
timeout="60"
path="/" />
</authentication>
....
<authorization>
<deny users="?" />
</authorization>
....
<location path="LostPassword.aspx">
<system.web>
<authorization>
<allow users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>

My question:

How does this affect access to files in other directories like the
Images folder? Does the above control access to images file types at all
or does it only protect execution of .aspx files?

Olav
 
K

Ken Cox [Microsoft MVP]

Hi Olav,

If you wanted to handle Images folder as a special case, you would provide
only the folder name, without the page name:

<location path="Images">
 
S

Scott Allen

Hi Olav:

ASP.NET will only control access to file types mapped to the
aspnet_isapi.dll in the script mappings for the application. For
example: aspx and ascx are access controlled, .jpg and .png are not.

HTH,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Restrict access to Classic ASP pages in web.config 2
location element in web.config 1
Forms Authentication not Redirecting 1
Blocking Direct URL Access through web config 1
Specifying all files except Login.aspx and Join.aspx are restricted to authenticated users 1
Forms Authentication question in web.config 3
Forms Authentication for single directory 1
Resource protected by Form based aythetication 13

Top