Does authorization support web.config files other than aspx?

Question

Does authorization support web.config files other than aspx?

I have an ASP.NET form validation application. It works well, but I have one directory with olly.txt files (without aspx files) that I want users to not have access to (or just logged in to).

I added web.config to this directory:

<system.web>
    <authorization>
        <deny users="?" />
    </authorization>
</system.web>

EDIT:

This only works for .aspx files. It does not work for .txt files and the like. Users cannot view this directory or subdirectories, but knowing the name of the .txt file, they can access it.

I am running IIS6 and IIS 7.5. Files are also limited in IIS6.txt, but in IIS 7.5 it is not so that this could be a problem with configuring IIS.

+3

authentication asp.net iis-7 iis-7.5

jlp Jun 09 '11 at 10:39

source share

3 answers

slfan · Answer 1 · 2011-06-09T11:57:59+0000

-. ASP.NET , ASP.NET. IIS 5 6, .txt .jpg,.gif pure.html, aspx, asmx ..

, IIS7 , ASP.NET . , IIS5 6, mime, aspnet.isapi, .txt.

UPDATE:

 <deny users="*">

. ,

<allow roles="administrators" /> 
<deny users="*">

, . , , .

- :

<deny users="?">

Yuriy Rozhovetskiy · Answer 2 · 2011-06-09T10:43:30+0000

web.config ( ASP.NET)

Carlos Aguilar Mares · Answer 3 · 2011-06-09T21:16:06+0000

IIS 7+, system.webServer/security/authorization http://www.iis.net/ConfigReference/system.webServer/security/authorization, . system.web seciton, , , , , system.webServer/security/authorization .

Does authorization support web.config files other than aspx?

More articles: