How protect non aspx files using Forms Authentication?

  • Thread starter Thread starter Ronald S. Cook
  • Start date Start date
R

Ronald S. Cook

Using Forms Authentication, users can't get to my .aspx pages but they can
get directly to, for example, Setup.exe.



What setting can I use to protect ALL files within my app from hackers until
they login?



My web.config currently looks like this:



<authentication mode="Forms">

<forms loginUrl="frmLogin.aspx" />

</authentication>



<authorization>

<deny users="?" />

</authorization>



Thanks!

Ron Cook
 
Hi Ron, some options.

Use NT authentication instead.

Or tell your web server not to serve EXE files.

Put items you don't want served in another folder. This can be a
subfolder in your app, just ensure that your web account doesn't have
access to that folder.

Also (someone remind me) can you configure individual page loading
options in the Global.asax? I know you can config for application and
session start and ends, what about pages as well?
 
Using Forms Authentication, users can't get to my .aspx pages but they can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers until
they login?
Click to expand...
[snip]

Put all the files you don't want the users to be able to access in a
folder and allow only logged on users to access that folder.
Thanks!

Ron Cook
Click to expand...

Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
 
On Mon, 30 Jan 2006 21:07:08 -0600, Otis Mukinfus

Well I said that kinda backwards didn't I? Restrict the users from
the folder that has the file you don't want them to access :o[
Using Forms Authentication, users can't get to my .aspx pages but they can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers until
they login?
Click to expand...
[snip]

Put all the files you don't want the users to be able to access in a
folder and allow only logged on users to access that folder.
Thanks!

Ron Cook
Click to expand...

Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
Click to expand...

Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
 
Cool, but how?

Thanks!
Ron

Otis Mukinfus said:
On Mon, 30 Jan 2006 21:07:08 -0600, Otis Mukinfus

Well I said that kinda backwards didn't I? Restrict the users from
the folder that has the file you don't want them to access :o[
Using Forms Authentication, users can't get to my .aspx pages but they
can
get directly to, for example, Setup.exe.

What setting can I use to protect ALL files within my app from hackers
until
they login?
Click to expand...
[snip]

Put all the files you don't want the users to be able to access in a
folder and allow only logged on users to access that folder.
Thanks!

Ron Cook
Click to expand...

Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
Click to expand...

Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
Click to expand...
 
Just normal folder security. Remove the IUSR_xxxxx account from having
access to the folder with the files you want to protect.
 
Back
Top