secure folder for non-.aspx files
My client is moving from a linux to a windows shared server that uses the following:
Plesk Panel 9.5
PHP Version 5.2.13
ASP.NET framwork version: 2.0.50727.0
They currently are using .htaccess in several folders that make the user have separate credentials that relate to each folder.
Is there a way to do this on the new location using web.config? I tried using .htaccess but doesn't seem to work. I am able to get the .aspx files in a folder so if accessed and not logged in it goes to a login page.
If I have a bunch of .html pages in a folder, can I configure web.config so if someone goes to one of the .html pages direct it asks for credentials?
Thanks.
Re: secure folder for non-.aspx files
Hi not familiar with .htaccess but you can use the users account with the credentials you want, if that is what you are asking.
Re: secure folder for non-.aspx files
sapator - not sure I understand what you mean. how would I setup my web.config if I have the following:
folder1/
-file1.html
-file2.html
-file3.html
-file4.aspx
Right now if you go to site.com/folder1/file1.html it won't take you to a login page if in the web.config you have the location set as follows:
Code:
<location path="folder1">
<system.web>
<authorization>
<allow roles="ADMIN,USER,SALES"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
The only way it kicks in is if you go to site.com/folder1/file4.aspx.
This working site has over 20 folders each with 100's of .htm/.html pages that will take some time to convert to .aspx if I have to change filetype.
Re: secure folder for non-.aspx files
Re: secure folder for non-.aspx files
This does provide good info but I don't see where it says how to change for .html files. Here is a sample site.
This is the web.config I have for the above:
Code:
<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<compilation debug="false" strict="false" explicit="true">
</compilation>
<authentication mode="Forms">
<forms name=".4loopAuth" loginUrl="~/login.aspx" protection="All" timeout="30" slidingExpiration="true">
<credentials passwordFormat = "Clear">
<user name="john"
password="doe"/>
</credentials>
</forms>
</authentication>
<pages>
<namespaces>
<clear />
<add namespace="System" />
<add namespace="System.Collections" />
<add namespace="System.Collections.Generic" />
<add namespace="System.Collections.Specialized" />
<add namespace="System.Configuration" />
<add namespace="System.Text" />
<add namespace="System.Text.RegularExpressions" />
<add namespace="System.Web" />
<add namespace="System.Web.Caching" />
<add namespace="System.Web.SessionState" />
<add namespace="System.Web.Security" />
<add namespace="System.Web.Profile" />
<add namespace="System.Web.UI" />
<add namespace="System.Web.UI.WebControls" />
<add namespace="System.Web.UI.WebControls.WebParts" />
<add namespace="System.Web.UI.HtmlControls" />
</namespaces>
</pages>
</system.web>
<location path="testfolder">
<system.web>
<authorization>
<allow roles="SALES"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Re: secure folder for non-.aspx files
I don't see any html page specified in your web.config
Re: secure folder for non-.aspx files
Hello lleemon,
Probably the "cleanest" way to implement this, although it will take some work, would be to add an ASP.NET Handler for requests to a certain type of file, in your case HTML, and then in your code, decide whether it is allowed or not.
You can see an article talking about this here:
http://www.rcs-solutions.com/blog/20...ughASPNET.aspx
Hope that helps!
Gary
