secure folder for non-.aspx files

[lleemon]

My client is moving from a linux to a windows shared server that uses the following:
Plesk Panel 9.5
PHP Version 5.2.13
ASP.NET framwork version: 2.0.50727.0

They currently are using .htaccess in several folders that make the user have separate credentials that relate to each folder.

Is there a way to do this on the new location using web.config? I tried using .htaccess but doesn't seem to work. I am able to get the .aspx files in a folder so if accessed and not logged in it goes to a login page.

If I have a bunch of .html pages in a folder, can I configure web.config so if someone goes to one of the .html pages direct it asks for credentials?

Thanks.

[sapator]

Hi not familiar with .htaccess but you can use the users account with the credentials you want, if that is what you are asking.

[lleemon]

sapator - not sure I understand what you mean. how would I setup my web.config if I have the following:

folder1/
-file1.html
-file2.html
-file3.html
-file4.aspx

Right now if you go to site.com/folder1/file1.html it won't take you to a login page if in the web.config you have the location set as follows:

Code:

<location path="folder1">
		<system.web>
			<authorization>
				<allow roles="ADMIN,USER,SALES"/>
				<deny users="?"/>
			</authorization>
		</system.web>
    </location>

The only way it kicks in is if you go to site.com/folder1/file4.aspx.

This working site has over 20 folders each with 100's of .htm/.html pages that will take some time to convert to .aspx if I have to change filetype.

[sapator]

I though you wanted to control your web server security.So anyhow have a read:
http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx
http://support.microsoft.com/kb/316871

[lleemon]

This does provide good info but I don't see where it says how to change for .html files. Here is a sample site.

This is the web.config I have for the above:

Code:

<?xml version="1.0"?>
<configuration>
    
    <appSettings/>       
    <connectionStrings/>
    <system.web>

        <compilation debug="false" strict="false" explicit="true">
        </compilation>

        <authentication mode="Forms">
            <forms name=".4loopAuth" loginUrl="~/login.aspx" protection="All" timeout="30" slidingExpiration="true">
                <credentials passwordFormat = "Clear">
                    <user name="john"
                    password="doe"/>
                </credentials>
            </forms>
        </authentication>

        <pages>
          <namespaces>
            <clear />
            <add namespace="System" />
            <add namespace="System.Collections" />
            <add namespace="System.Collections.Generic" />
            <add namespace="System.Collections.Specialized" />
            <add namespace="System.Configuration" />
            <add namespace="System.Text" />
            <add namespace="System.Text.RegularExpressions" />
            <add namespace="System.Web" />
            <add namespace="System.Web.Caching" />
            <add namespace="System.Web.SessionState" />
            <add namespace="System.Web.Security" />
            <add namespace="System.Web.Profile" />
            <add namespace="System.Web.UI" />
            <add namespace="System.Web.UI.WebControls" />
            <add namespace="System.Web.UI.WebControls.WebParts" />
            <add namespace="System.Web.UI.HtmlControls" />
          </namespaces>
        </pages>
    </system.web>
    <location path="testfolder">
        <system.web>
            <authorization>
                <allow roles="SALES"/>
                <deny users="?"/>
            </authorization>
        </system.web>
    </location>
</configuration>

[sapator]

I don't see any html page specified in your web.config

[gep13]

Hello lleemon,

Probably the "cleanest" way to implement this, although it will take some work, would be to add an ASP.NET Handler for requests to a certain type of file, in your case HTML, and then in your code, decide whether it is allowed or not.

You can see an article talking about this here:

http://www.rcs-solutions.com/blog/20...ughASPNET.aspx

Hope that helps!

Gary