TechQA.

IIS 8.0 access rights to files in a forbidden folder

43 views Asked by At

I have a Asp.net website, with a folder /Images. I set my web.config in order to deny access to anonymous users: If anonymous users try to access MyWebsite/Images : Erreur HTTP 403.14 - Forbidden , so it's OK for this.

But when they write the full Url with the filename : MyWebsite/Images/pict.png , they can open the file !

I've tried this in my web.config, but doesn't work... :

<location>
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

I've this authentication mode:

<authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" defaultUrl="~/"/>
    </authentication>
authentication iis rights
Original Q&A
1

There are 1 answers

0
Brandon Spilove On

By default, only managed code is affected by your web.config authentication settings such as aspx and ashx pages. If you want to apply those settings to non-managed code, such as images, pdf files or other html pages, you could add the following:

<configuration>
    ...
    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true">
        ...
        </modules>
    </system.webServer>
</configuration

Related Questions in AUTHENTICATION

Related Questions in IIS

Related Questions in RIGHTS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions