Help with <location> element in web.config

Guest · Jun 7, 2007

Hi. I need to deny unauthenticated users from accessing an excel file
located within my webapp at SecurePages/ExcelFile1.xls. I've added the below
<location> element to my web.config, but it allows unauthenticated users to
access the file. What am I doing wrong? Cannot .xls files be protected this
way?

<location path="SecurePages/ExcelFile1.xls">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

John Timney \(MVP\) · Jun 7, 2007

I think you will have to map the xls extension to the asp.net DLL in IIS to
get this to work, so the request is being processed by asp.net and not just
by IIS.

Regards

John Timney (MVP)
http://www.johntimney.com
http://www.johntimney.com/blog

Alexey Smirnov · Jun 7, 2007

Hi. I need to deny unauthenticated users from accessing an excel file
located within my webapp at SecurePages/ExcelFile1.xls. I've added the below
<location> element to my web.config, but it allows unauthenticated users to
access the file. What am I doing wrong? Cannot .xls files be protected this
way?

<location path="SecurePages/ExcelFile1.xls">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

It would work with Windows Authentication only.

Help with <location> element in web.config

Guest

John Timney \(MVP\)

Alexey Smirnov