Protect static file on Asp Net Classic Mode with Forms Authentication

Question

i'm struggling to resolve this issue since yesterday.

I have a site (framework 4.0), hosted in a Windows Server with IIS 7.5 in Classic Mode. Unfortunately i can't changed this to Integrated Mode.

I need to protect files contained in a folder.

Only authenticated user (with forms authentication) have to access to them. anonymous user not.

I tried to protect folder in this way in webconfig:

<location path="Riservata/Files">
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
</location>

But i still access to these files directly.

Someone can help me?

score 0 · Answer 1 · answered Oct 13 '20 at 13:48

For future users: i solved this issue writing a wildcard on my IIS 7.5. IIS wrote automatically a new web.config on the folder i want to protect:

<configuration>
    <system.webServer>
        <handlers>
            <add name="Proteggi_File_WildCard" path="*" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,runtimeVersionv4.0,bitness64" />
        </handlers>
    </system.webServer>
</configuration>

This code activates the ISAPI module and brings all calls ("*") to the ASP NET pipeline, so if the user is not authenticated through the forms authentications, a redirect to the login page occurs.

Protect static file on Asp Net Classic Mode with Forms Authentication

1 Answers1