Last post Mar 19, 2009 09:58 PM by Bruce L
Mar 19, 2009 05:18 PM|Delavegaz|LINK
I have an admin that is password protected using web.config using web forms, it works ok.
Although I can't access any .aspx file (it redirects correctly to the login page), I do can access to for example, images directory or fckeditor (the wysiwyg editor) upload features (html and image files).
I'm trying to disallow the access to this content, but I can't.
I'm using 2 web.config files, once for the main site and the other for the admin, and the admin itself is configured as an application in IIS. In the web.config for the admin I add this, with no luck:
Mar 19, 2009 09:58 PM|Bruce L|LINK
Unless you are running IIS 7 in Integrated mode, image file extensions are not processed by asp.net engine and thus form authentication will not work properly.
If order to get asp.net to protect other extensions, you'll need to configure IIS to map the graphic file extension to asp.net ISAPI.