ASP.NET

protect images directory from web.config RSS

1 reply

Last post Mar 19, 2009 08:58 PM by Bruce L

‹ Previous Thread|Next Thread ›

- Reply
Delavegaz

Member

56 Points

234 Posts

protect images directory from web.config

Mar 19, 2009 04:18 PM|LINK

I have an admin that is password protected using web.config using web forms, it works ok.

Although I can't access any .aspx file (it redirects correctly to the login page), I do can access to for example, images directory or fckeditor (the wysiwyg editor) upload features (html and image files).

I'm trying to disallow the access to this content, but I can't.

I'm using 2 web.config files, once for the main site and the other for the admin, and the admin itself is configured as an application in IIS. In the web.config for the admin I add this, with no luck:

<location path="images">
<system.web>
<authorization>
<deny users="?" />
</authorization> </system.web>
</location>
- Moved by ecbruck on Mar 19, 2009 04:53 PM
- Reply
Bruce L

All-Star

18102 Points

2841 Posts

Re: protect images directory from web.config

Mar 19, 2009 08:58 PM|LINK

Unless you are running IIS 7 in Integrated mode, image file extensions are not processed by asp.net engine and thus form authentication will not work properly.

If order to get asp.net to protect other extensions, you'll need to configure IIS to map the graphic file extension to asp.net ISAPI.

Bruce

http://www.discountASP.NET
- Marked as answer by Thomas Sun – MSFT on Mar 25, 2009 09:59 AM

‹ Previous Thread|Next Thread ›