I have a need to secure a particular aspx file from most users of the system. We will call it X. I have a virtual directory on an 2k3 server pointed to folder Y which contains file X. The site itself is using SSL and Windows authenication.

I have a group called A created in active directory that needs access to the application all other users do not. I have tired file and folder level security using NTFS permissions and the application doesn't work if they are applied.

I am new to ASP.NET and would like the simplest way to secure this file.   Any help would be appreciated.

 Thank you

 B

Here is one example of

  <location path="X.apx">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>

http://support.microsoft.com/kb/316871

Thanks I will try it. Another question though does this web.config file go inside of the folder containing the file or in the root?

Thank you

Typically you will have a Web.config file in the root folder. This is not a requirement. Technically you can have a Web.config file in any folder of your application.

MORE INFO: ASP.NET Configuration is implemented using a Hierarchical Configuration Architecture.

It doesn't seem to be working for me. am I missing something (realizing that is a loaded question)?

?xml version="1.0"?>
<configuration>
<location path="folderY">
    <system.web>
       <authentication mode="Windows"/>
        <authorization>
            <allow roles="domain\group" />
            <deny users="*" />
          </authorization>
   </system.web>
 </location>
</configuration>

Thank you