I know how to protect my static (HTML) pages in IIS6, and how to do it using the IIS7 Integrated Pipeline, but how can I protect my HTML pages from unauthorised access in IIS7 when running in Classic Mode?
It's an ASP.NET site using forms authentication.
Best Answer
ASP.NET forms authentication has nothing to do with resources that aren't handled by ASP.NET, like HTML files. Two options:
1) Tell ASP.NET to handle the static file types you are concerned with (HTML, etc)
2) Disable anonymous access for your site
But now you've got me curious... how does this change with IIS7 Integrated Pipeline vs Classic mode?