Protect EXE using defaulthttphandler?

[andy]

Hi

I have a website which i have secured using forms authentication. I
have also secured htm, pdf, doc, xls files using the httphandlers
section in the web.config and routing the requests from IIS thru
dotnet.

Now I need to secure a .exe application in a subdir. I have made it so
we have to login, but I cannot get the application to run.... I have
tried using the defaulthttphandler in the web.config but the browser
just says the page is unreachable.

The .exe is a third party product so we cannot change it. Its
basically some sort of cgi app which works fine if we just call it via
the url http:\fred\gateway.exe?someparams (and remove the mapping in
IIS).

Do i need to write my own httphandler to execute the exe and return
the web page. If so has anyone done this and can give an example?

The line in the web.config in the httphandlers section i currently
have is
<add path="*.exe" verb="*" type="System.Web.DefaultHttpHandler"
validate="true" />

Please tell me this can be done or the line above is incorrect.......

Thanks

 

[Kevin Spencer]

Give the folder containing the CGI executable Execute permission (as opposed
to script permission).

--
HTH,

Kevin Spencer
Microsoft MVP

Help test our new betas,
DSI PrintManager, Miradyne Component Libraries:
http://www.miradyne.net

 

[andy]

Thanks for the suggestion, but I have already done this, and can be
proved by removing the mapping in IIS of .exe to the dotnet
executeble. The exe works fine then, but once its remapped, it
authenticates then just gives an "Internet Explorer cannot display the
webpage" error.

Any more ideas??

Thanks

 

[andy]

Well finally made it work, it was very simple in the end..... I shall
explain cos google did not have any answers for this.....

Basically I had misunderstood setting IIS to route the requests to the
dotnet exe.
What I did was to route individual requests by
adding .exe, .htm, .html, .pdf to the application extensions section.
What I should have done was just add the dotnet dll to the wildcard
application maps just below it.

Because I had set the application extensions I was in fact creating a
circular reference, in that it would route it to dotnet. When i was
asking .exe. to go back to the defaulthttphandler it looked in the app
extensions and sent it back to dotnet.......
Now all requests for files goto dotnet and are then automatically sent
back to the correct handlers. This means the authentication kicks in
nice and easy.

You do not even need to add a httphandlers section in the web.config
file either, cos in the main.config it routes all unhandled types back
to IIS.

Its very easy when you know how..........................
Cheers