.net – Forms authentication for classic ASP on IIS 7.0

asp-classicforms-authenticationiis-7net

I am trying to integrate ASP.NET Security with Classic ASP.
Like in next article – http://weblogs.asp.net/scottgu/archive/2007/03/04/tip-trick-integrating-asp-net-security-with-classic-asp-and-non-asp-net-urls.aspx, but I have IIS 7.0 instead of IIS 6.0 as in example.

You can find my configuration file below (after adding of wildcard script tags)

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <handlers accessPolicy="Read, Script">
            <add name="ISAPI x64" path="*" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,runtimeVersionv2.0,bitness64" />
            <add name="ISAPI x32" path="*" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,runtimeVersionv2.0,bitness32" />
        </handlers>
    </system.webServer>

 <system.web>
  <authentication mode="Forms">
   <forms loginUrl="Login.aspx"></forms>
  </authentication>
 </system.web>

 <location path="page.asp">
  <system.web>
   <authorization>
    <deny users="?" />
    <allow users="*" />
   </authorization>
  </system.web>
 </location>

 <location path="default.asp">
  <system.web>
   <authorization>
    <deny users="?" />
    <allow users="*" />
   </authorization>
  </system.web>
 </location>
</configuration>

But application calls ASP pages without any authentication.

I didn't work with classic ASP before, therefore I have looked for any info that can help me.

I found another one interested article http://support.microsoft.com/kb/891028 – "Protecting classic ASP pages using forms authentication" part.
Nice solution, but in this case I need implement security code (ASP script code) on every page.

And does next phrase mean that first solution won't work?

Protecting classic ASP pages with forms authentication is not supported by design because ASP and ASP.NET use different handlers…

Can anyone select me solution/way to do Based-Forms authentication for classic ASP on IIS 7.0?

Best Answer

You can do this using IIS 7 Integrated Mode, as described here.

Related Topic