M
Magnus Blomberg
Hi there!
I am using VS 2005 beta for developing my new web application.
I have a security issue, that I don't know if it is wrong by me, an IIS6 problem or an VS beta problem.
I have a web application where the first page is public and IIS is set up with Anonymous login enabled and Integrated Windows authentication.
All other pages is placed under a folder called Protected created from VS.
My web.config looks like this (shrinked):
<system.web>
<authentication mode="Windows"/>
</system.web>
<location path="Protected">
<system.web>
<authorization>
<allow users="projdev\prospects"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
The problem is that I CAN browse all .htm pages under the folder Protected. The pages named .aspx is protected as they should.
Is it not "allowed" to use .htm pages in my app, or am I doing something wrong?
Regards Magnus
I am using VS 2005 beta for developing my new web application.
I have a security issue, that I don't know if it is wrong by me, an IIS6 problem or an VS beta problem.
I have a web application where the first page is public and IIS is set up with Anonymous login enabled and Integrated Windows authentication.
All other pages is placed under a folder called Protected created from VS.
My web.config looks like this (shrinked):
<system.web>
<authentication mode="Windows"/>
</system.web>
<location path="Protected">
<system.web>
<authorization>
<allow users="projdev\prospects"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
The problem is that I CAN browse all .htm pages under the folder Protected. The pages named .aspx is protected as they should.
Is it not "allowed" to use .htm pages in my app, or am I doing something wrong?
Regards Magnus