Access control?

O

Olav Tollefsen

I have the following in the Web.config file (root directory):

<authentication mode="Forms">
<forms name="Login"
loginUrl="Login.aspx"
protection="All"
timeout="60"
path="/" />
</authentication>
....
<authorization>
<deny users="?" />
</authorization>
....
<location path="LostPassword.aspx">
<system.web>
<authorization>
<allow users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>

My question:

How does this affect access to files in other directories like the
Images folder? Does the above control access to images file types at all
or does it only protect execution of .aspx files?

Olav
 
K

Ken Cox [Microsoft MVP]

Hi Olav,

If you wanted to handle Images folder as a special case, you would provide
only the folder name, without the page name:

<location path="Images">
 
S

Scott Allen

Hi Olav:

ASP.NET will only control access to file types mapped to the
aspnet_isapi.dll in the script mappings for the application. For
example: aspx and ascx are access controlled, .jpg and .png are not.

HTH,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Forms Authentication not Redirecting 1
location element in web.config 1
Restrict access to Classic ASP pages in web.config 2
How can ASPNET access the Northwind database 1
Forms Authentication for single directory 1
Resource protected by Form based aythetication 13
Is the login control with sql server express a known bug 7
Specifying all files except Login.aspx and Join.aspx are restricted to authenticated users 1

Members online

No members online now.
Total: 57 (members: 0, guests: 57)
Robots: 371

Forum statistics

Threads
473,994
Messages
2,570,223
Members
46,810
Latest member
Kassie0918

Latest Threads

Top