Geek Answers Handbook

Windows Authentication for a Single File

Environment: IIS 6.0, ASP.NET 3.5

I need to protect only one file using Windows authentication and just want me to correctly understand my settings.

  • Through IIS, disable anonymous access to the file that I want security and make sure that the integrated Windows Security is checked.
  • Place the file in your own directory and release the web.config file, which contains the authorization configuration for this directory, which requires Windows authentication.

Is there a way to configure web configuration to control access to a single file? Will any of the security attributes help me lock a single file here?

Thanks in advance Kevin

+4
source share
3 answers

Put the file in your own directory and release the web.config file, which has an authorization configuration for this directory that requires Windows authentication

You cannot mix authentication providers for a single application. So, for example, you cannot have forms authentication for ~ / and Windows authentication for ~ / Secure. You can work around this by making ~ / Secure another application in IIS, but this greatly complicates the deployment and testing of IMO.

I ran into this problem while trying to protect ASMX services with basic authentication from a domain, but being in the same application as forms authenticated pages. I ended up hacking the main auth task in the ASMX service itself to request credentials.

+3
source

This should be possible with the <location> .

http://support.microsoft.com/kb/316871

I know that in the past I did the opposite and used it to provide access to one resource and refused all other unauthenticated users. Should work the same in reverse order.

+2
source

If you want web.config to be used, you need to make sure that the directory in which it is placed is the IIS virtual directory. This should do the trick, since the security restrictions of web.config will manage all the files in this directory.

0
source

More articles:


All Articles