Asp – deny ASP.NET anonymous access to all files

asp.netauthentication

My hypothetical website doesn't allow anonymous access and uses Forms Authentication. So the initial request for www.example.com/SomePage.aspx is redirected to www.example.com/Login.aspx?ReturnUrl=SomePage.aspx.

However users can still access URLs that aren't served by ASP.NET, e.g.: www.example.com/Images/AnImage.jpg or www.example.com/TextFile.txt.

Is it possible to deny anonymous access to these files and use the same Forms Authentication?

Best Answer

Yes - You must register ASP.NET for every file (.*) extension. this you have to configurate in ISS.

Related Solutions

How to keep the Login.aspx page’s ReturnUrl parameter from overriding the ASP.NET Login control’s DestinationPageUrl property

I found the answer on Velocity Reviews. I handled the LoggedIn event to force a redirection to the DestinationPageUrl page.

Public Partial Class Login
    Inherits System.Web.UI.Page

    Protected Sub Login1_LoggedIn(ByVal sender As Object, _  
            ByVal e As System.EventArgs) Handles Login1.LoggedIn
        'overrides ReturnUrl page parameter
        Response.Redirect(Login1.DestinationPageUrl)
    End Sub

End Class

Authentication settings in IIS 7.5 and ASP.Net, what is difference

There's another component you need to configure: authorization. If you don't, unauthorized users have access to all pages and will not be redirected to the login page. For example:

<authorization>
    <deny users="?" />
</authorization>

This specifies that all unauthenticated users are denied access to pages in your application. The authorization element is part of the system.web configuration section.

Best Answer

Related Solutions

How to keep the Login.aspx page’s ReturnUrl parameter from overriding the ASP.NET Login control’s DestinationPageUrl property

Authentication settings in IIS 7.5 and ASP.Net, what is difference

Related Topic