Monday, 15 March 2010

asp.net - How to restrict access to static files in IIS 7.5 Classic mode -



asp.net - How to restrict access to static files in IIS 7.5 Classic mode -

i need restrict access static html files in several asp.net applications. applications implement own authentication mechanisms looks need files go through asp.net request processing pipeline instead of "standard" iis static content handling. of applications relatively modern asp.net mvc applications , utilize integrated pipeline on iis 7.5 , looks not big deal need them. others legacy asp.net web sites working on classic pipeline mode (iis 7.5) , @ moment not possible move them integrated pipeline reasons.

upd: issue applications contain static files (help pages) , unauthorized user can see them if type direct url. , task create application show login page in such case.

adding handler web.config:

<add name="statichtmlhandler" path="*.htm*" verb="*" modules="isapimodule" scriptprocessor="c:\windows\microsoft.net\framework\v4.0.30319\aspnet_isapi.dll" resourcetype="unspecified" precondition="classicmode,runtimeversionv4.0,bitness32" />

caused me exception:

[httpexception (0x80004005): failed execute url] system.web.hosting.isapiworkerrequestinprocforiis6.beginexecuteurl(string url, string method, string childheaders, boolean sendheaders, boolean adduserindo, intptr token, string name, string authtype, byte[] entity, asynccallback cb, object state) +4136452 system.web.httpresponse.beginexecuteurlforentireresponse(string pathoverride, namevaluecollection requestheaders, asynccallback cb, object state) +653 system.web.defaulthttphandler.beginprocessrequest(httpcontext context, asynccallback callback, object state) +279 system.web.callhandlerexecutionstep.system.web.httpapplication.iexecutionstep.execute() +12551795 system.web.httpapplication.executestep(iexecutionstep step, boolean& completedsynchronously) +288

so doing wrong? can point me right way?

i've never tried methods, have fw 1.1, classic asp. , modern web apps mixed on web servers. create seperate app pool per framework. run 1.1 on 1.1 classic mode app pool create, , run modern apps on app pool: integrated fw 4.0. classic asp stuff out of scope question. each app pool it's own process, there's no real downside using more app pools, 1 app pool per application acceptable security policy example.

asp.net iis-7 static-content

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)