I have a legacy project that's comprised of CSS, Javascript, and HTML files and I want to secure this project by limiting access to the HTML files using Role Based Authentication. But I'm going to make one thing clear and that is I'm not planning to recreate
my files as WebForms or MVC files. All I want to do is use a web service or perhaps a web api to authenticate the users by querying a database, then authorize users with the web config file.
I know I can use the web config file settings to limit access to folders but what I don't know is if it's possible to add roles to the database and some how use those roles to access the HTML files in the folders. As I mentioned above, I'm not interested
in converting my files into WebForms or MVC files. Can what I described above be done?
This will pass the request to ASP.NET which makes the ASP.NET authentication and authorization features available. Of course you'll need to write code to authenticate a user which I assume will be be Web Forms or MVC.
I've decided to map html files to the ASP.NET ISAPI module using the configurations below which I got from the link you provided, in my own web config file:
Member
28 Points
113 Posts
Resource Authentication Using Only Web Config
May 01, 2020 02:19 PM|madjester|LINK
I have a legacy project that's comprised of CSS, Javascript, and HTML files and I want to secure this project by limiting access to the HTML files using Role Based Authentication. But I'm going to make one thing clear and that is I'm not planning to recreate my files as WebForms or MVC files. All I want to do is use a web service or perhaps a web api to authenticate the users by querying a database, then authorize users with the web config file.
I know I can use the web config file settings to limit access to folders but what I don't know is if it's possible to add roles to the database and some how use those roles to access the HTML files in the folders. As I mentioned above, I'm not interested in converting my files into WebForms or MVC files. Can what I described above be done?
All-Star
53001 Points
23595 Posts
Re: Resource Authentication Using Only Web Config
May 01, 2020 03:20 PM|mgebhard|LINK
The IIS static file handler render HTML files. You could write a custom IIS html handler to manages security for this particular application.
https://docs.microsoft.com/en-us/iis/configuration/system.webserver/handlers/add
You could also try mapping html files to the ASP.NET ISAPI module.
https://forums.iis.net/t/1177987.aspx
This will pass the request to ASP.NET which makes the ASP.NET authentication and authorization features available. Of course you'll need to write code to authenticate a user which I assume will be be Web Forms or MVC.
Member
28 Points
113 Posts
Re: Resource Authentication Using Only Web Config
May 02, 2020 02:54 AM|madjester|LINK
Hi, Thanks for your help.
I've decided to map html files to the ASP.NET ISAPI module using the configurations below which I got from the link you provided, in my own web config file:
<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <handlers> <add name="htm-to-aspx-isapi" path="*.htm" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" preCondition="classicMode,runtimeVersionv2.0,bitness32" /> <add name="htm-to-aspx" path="*.htm" verb="*" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" preCondition="integratedMode" /> </handlers> </system.webServer> <system.web> <compilation> <buildProviders> <add extension=".htm" type="System.Web.Compilation.PageBuildProvider"/> </buildProviders> </compilation> </system.web> </configuration>Can I use the configuration above exactly the way it is or do I need to modify it?
All-Star
53001 Points
23595 Posts
Re: Resource Authentication Using Only Web Config
May 02, 2020 09:38 AM|mgebhard|LINK
I can't answer this question.
Did you try the configuration and it did not work as expected?
Do all files have an .htm extension?
The configuration is set to use .NET 2. Does .NET 2 have all the feature you need? You can go to .NET 4.