IIS 8.0 access rights to files in a forbidden folder

Question

IIS 8.0 access rights to files in a forbidden folder

50 views Asked by nicolas At 16 September 2024 at 03:53

I have a Asp.net website, with a folder /Images. I set my web.config in order to deny access to anonymous users: If anonymous users try to access MyWebsite/Images : Erreur HTTP 403.14 - Forbidden , so it's OK for this.

But when they write the full Url with the filename : MyWebsite/Images/pict.png , they can open the file !

I've tried this in my web.config, but doesn't work... :

<location>
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

I've this authentication mode:

<authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" defaultUrl="~/"/>
    </authentication>

Original Q&A

There are 1 answers

**Brandon Spilove** · Answer 1 · 2014-12-19 03:10:47

By default, only managed code is affected by your web.config authentication settings such as aspx and ashx pages. If you want to apply those settings to non-managed code, such as images, pdf files or other html pages, you could add the following:

<configuration>
    ...
    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true">
        ...
        </modules>
    </system.webServer>
</configuration

TechQA.

IIS 8.0 access rights to files in a forbidden folder

There are 1 answers

Related Questions in AUTHENTICATION

Related Questions in IIS

Related Questions in RIGHTS

Popular Questions

Popular Tags

Trending Questions