Solved

Forms Authentication not protecting html files

Posted on 2014-09-30
Last Modified: 2014-09-30
Hi Experts, I have a sub folder with .aspx and .html files. I have Forms Authentication set up in such a way as to allow access to the entire site but restrict access to an admin folder. I have noticed that navigating to the full path of an HTML file inside the admin folder allows me access; however, all .aspx files operate as expected, i.e. redirect to the login page if the user is not authenticated. Any ideas?

Root web.config is as follows:

  <system.web>
    <authentication mode="Forms">
      <forms name="appNameAuth" loginUrl="login.aspx" timeout="30" defaultUrl="~/Admin/Tools.aspx">
      </forms>
    </authentication>
    <authorization>
      <allow users="*" />
    </authorization>

  </system.web>

  <location path="Admin">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

Question by:takwirirar
4 Comments
 
LVL 26

Expert Comment

by:Shaun Kline
ID: 40352199
Change the extension of the pages to .aspx. ASPX pages are handled through an add-on in IIS, while HTML pages are handled directly by IIS.
0
 
LVL 1

Author Comment

by:takwirirar
ID: 40352229
Hi Shaun, thanks for that. What would happen then if I had other file types to be protected that I could not change to .aspx without breaking the way they work, e.g. a .PDF file?
0
 
LVL 26

Accepted Solution

by:
Shaun Kline earned 500 total points
ID: 40352370
One suggestion is to add the following to the system.webServer section of your web.config file:
    <modules runAllManagedModulesForAllRequests="false">
      <remove name="FormsAuthenticationModule" />
      <add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
      <remove name="RoleManager" />
      <add name="RoleManager" type="System.Web.Security.RoleManagerModule" />
      <remove name="DefaultAuthentication" />
      <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
    </modules>


The first module handles the forms authentication that you are already doing.
The second module handles URL authentication (Microsoft website).
The third module handles role authentication, if you are using it.
The fourth module verifies that the user has been authenticated.
0
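
Added example, not part of the original thread or the answer's own code: a Python check that reads a web.config and reports which of the Forms Authentication and URL authorization modules would not run for static files such as .html or .pdf. The name `audit`, the `SAMPLE` config and the scope are assumptions: IIS integrated pipeline, and only the site's web.config is inspected (server-level applicationHost.config is not read).

```python
import xml.etree.ElementTree as ET

# Managed modules that must see a request for <authorization> rules to apply.
REQUIRED = {
    "System.Web.Security.FormsAuthenticationModule",
    "System.Web.Security.UrlAuthorizationModule",
}

# Constructed sample: the asker's rules plus the two relevant <add> lines
# from the accepted answer.
SAMPLE = """<configuration>
  <system.web>
    <authentication mode="Forms"><forms loginUrl="login.aspx" /></authentication>
    <authorization><allow users="*" /></authorization>
  </system.web>
  <location path="Admin">
    <system.web><authorization><deny users="?" /></authorization></system.web>
  </location>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="false">
      <remove name="FormsAuthenticationModule" />
      <add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
    </modules>
  </system.webServer>
</configuration>"""


def audit(web_config_xml):
    """Return (paths denying anonymous users, required modules not run for static files)."""
    root = ET.fromstring(web_config_xml)
    protected = [
        loc.get("path", "")
        for loc in root.iter("location")
        if any(d.get("users") == "?" for d in loc.iter("deny"))
    ]
    modules = root.find("system.webServer/modules")
    if modules is None:
        # Assumption: inherited registrations carry preCondition="managedHandler".
        return protected, sorted(REQUIRED)
    if modules.get("runAllManagedModulesForAllRequests", "").lower() == "true":
        return protected, []
    covered = set()
    for add in modules.findall("add"):
        # An <add> limited by preCondition="managedHandler" skips .html/.pdf.
        if "managedHandler" not in add.get("preCondition", ""):
            covered.add(add.get("type", "").split(",")[0].strip())
    return protected, sorted(REQUIRED - covered)
```

A non-empty second list alongside a non-empty first list means the `deny users="?"` rule is enforced only for requests mapped to managed handlers such as .aspx.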
 
LVL 1

Author Closing Comment

by:takwirirar
ID: 40352439
Wow!!!
0
