Access control?

Olav Tollefsen · Jul 5, 2004

I have the following in the Web.config file (root directory):

<authentication mode="Forms">
<forms name="Login"
loginUrl="Login.aspx"
protection="All"
timeout="60"
path="/" />
</authentication>
....
<authorization>
<deny users="?" />
</authorization>
....
<location path="LostPassword.aspx">
<system.web>
<authorization>
<allow users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>

My question:

How does this affect access to files in other directories like the
Images folder? Does the above control access to images file types at all
or does it only protect execution of .aspx files?

Olav

Ken Cox [Microsoft MVP] · Jul 5, 2004

Hi Olav,

If you wanted to handle Images folder as a special case, you would provide
only the folder name, without the page name:

<location path="Images">

Scott Allen · Jul 5, 2004

Hi Olav:

ASP.NET will only control access to file types mapped to the
aspnet_isapi.dll in the script mappings for the application. For
example: aspx and ascx are access controlled, .jpg and .png are not.

HTH,

Access control?

Olav Tollefsen

Ken Cox [Microsoft MVP]

Scott Allen