Thursday, August 21, 2008

Protect file types (.xml, .doc, .html, .pdf etc.) using ASP.NET authentication: Microsoft ASP.NET

Because requests to .xml, .doc, .html, .pdf etc handled by the IIS instead of ISAPI module first it is required to configure specified extensions to be handled by the ISAPI module

How to configure custom file extension to be handled by the ISAPI module

In IIS (run ‘inetmgr’)
  1. Locate the website (or virtual directory, which configured as a web application) you want to configure custom file extensions to be secured.
  2. Right click and find the ‘Virtual Directory’ tab under properties
  3. In ‘Virtual Directory’ tab click configuration
  4. Add extension (ex: .xml) and browse aspnet_isapi.dll from the usual location (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727). If you can’t find the exact directory perform a search and locate it.
  5. Uncheck ‘check that file exist’ checkbox just in case of request to a non existing file. then press ok
  6. If it is local it is recommend to do a IIS reset (run ‘iisreset’) if not if it is the production server or UAT, recycle the application pool
For securing asp web applications: please review my previous post - ASP.NET Authentication

No comments:

iPhone Launch Screen Sizes

iPhone Portrait iOS 8 Retina HT 5.5 = 1242 X 2208 Retna HD 4.7 = 750 X 1134 iPhone Landscape iOS 8 Retina HD 5.5  2208 X 1242 iPho...