How do I protect static files with ASP.NET form authentication on IIS 7.5?

by

If you application pool is running in Integrated mode then you can do the following.

Add the following to your top level web.config.

  <system.webServer>
    <modules>
      <add  name="FormsAuthenticationModule"  type="System.Web.Security.FormsAuthenticationModule" />
      <remove  name="UrlAuthorization" />
      <add  name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule"  />
      <remove  name="DefaultAuthentication" />
      <add  name="DefaultAuthentication"  type="System.Web.Security.DefaultAuthenticationModule" />
    </modules>
  </system.webServer>

Now you can use the standard ASP.NET permissions in your web.config to force forms authentication for all files in the directory.

<system.web>
    <authorization>
        <deny users="?" />
    </authorization>
    <authentication mode="Forms" />
</system.web>

More Related Contents:

  1. How to increase request timeout in IIS?
  2. Windows Authentication for ASP.NET MVC 4 – how it works, how to test it
  3. The configuration section ‘system.web.extensions’ cannot be read because it is missing a section declaration
  4. IIS AppPoolIdentity and file system write access permissions
  5. Fixing slow initial load for IIS
  6. Avoid web.config inheritance in child web application using inheritInChildApplications
  7. How to set correct file permissions for ASP.NET on IIS
  8. How to give ASP.NET access to a private key in a certificate in the certificate store?
  9. Asp.Net Forms Authentication when using iPhone UIWebView
  10. What is default hash algorithm that ASP.NET membership uses?
  11. IIS7 Overrides customErrors when setting Response.StatusCode?
  12. Difference between and ?
  13. X-Frame-Options Allow-From multiple domains
  14. MVC 5 Access Claims Identity User Data
  15. Mailbox unavailable. The server response was: 5.7.1 Unable to relay for [email protected] [closed]
  16. HTTP Error 500.19 – Internal Server Error
  17. Can PHP and ASP.Net run together within the same web site in IIS 7.5?
  18. Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’
  19. asp.net cookies, authentication and session timeouts
  20. What do I need to change to allow my IIS7 ASP.Net 3.5 application to create an event source and log events to Windows EventLog?
  21. ASP.NET MVC on IIS 7.5 – Error 403.14 Forbidden
  22. double escape sequence inside a url : The request filtering module is configured to deny a request that contains a double escape sequence
  23. IIS7 – The request filtering module is configured to deny a request that exceeds the request content length
  24. Script not served by static file handler on IIS7.5
  25. The remote host closed the connection. The error code is 0x800704CD
  26. IIS and Static content?
  27. Web authentication state – Session vs Cookie?
  28. ASP.NET session state and multiple worker processes
  29. Requests hanging on Session module on IIS 7.5
  30. IIS AAR – URL Rewrite for reverse proxy – how to send HTTP_HOST

Leave a Comment