Last post Nov 27, 2014 05:35 PM by kruddler
Nov 23, 2014 05:15 PM|Kruddler|LINK
One of our apps has two kinds of authentication enabled in IIS: anonymous and forms.
Is it possible to secure a folder and all of its subfolders within this app? In other words, can I stop people from accessing this folder and all its subfolders over the web?
<deny users ="*" />
This is how we are told to do it, but does this work with anonymous authentication?
Nov 23, 2014 07:15 PM|oned_gk|LINK
try allow rolles or users = "nobody"
Nov 23, 2014 07:23 PM|Kruddler|LINK
Thanks. Could you please give me an example of what you mean by that?
Nov 23, 2014 07:30 PM|oned_gk|LINK
Nov 23, 2014 07:50 PM|Kruddler|LINK
Which one of these are you asking me to try? How is the example I posted earlier different to what these are recommending?
Nov 24, 2014 04:54 PM|Kruddler|LINK
I'm starting to think that the answer to my question is to allow anonymous/forms access on the root folder, but disable anonymous access on the subfolder which is supposed to be secured. This seems to be the obvious solution, but none of the articles I read
recommended this. Instead, all the articles I read recommended using the <location> element to define subfolders which are supposed to be secure. The articles mentioned above certainly recommend that, but none of those articles seem to work.
Why is such a simple thing so hard in ASP/IIS?
Nov 27, 2014 05:35 PM|Kruddler|LINK
I've been having difficulty with IIS because our server is on a slightly older version. I will be upgrading IIS this weekend and then I will document where I am up to with this problem.