Please note: If you find any post DOES NOT contain required amount of explanation, please do comment them with a request for more information. I will update as soon as I can attend to it. Also you can contact me with a link to the post.

Thursday, August 21, 2008

Protect file types (.xml, .doc, .html, .pdf etc.) using ASP.NET authentication: Microsoft ASP.NET

Because requests to .xml, .doc, .html, .pdf etc handled by the IIS instead of asp.net ISAPI module first it is required to configure specified extensions to be handled by the asp.net ISAPI module

How to configure custom file extension to be handled by the asp.net ISAPI module

In IIS (run ‘inetmgr’)
  1. Locate the website (or virtual directory, which configured as a web application) you want to configure custom file extensions to be secured.
  2. Right click and find the ‘Virtual Directory’ tab under properties
  3. In ‘Virtual Directory’ tab click configuration
  4. Add extension (ex: .xml) and browse aspnet_isapi.dll from the usual location (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727). If you can’t find the exact directory perform a search and locate it.
  5. Uncheck ‘check that file exist’ checkbox just in case of request to a non existing file. then press ok
  6. If it is local it is recommend to do a IIS reset (run ‘iisreset’) if not if it is the production server or UAT, recycle the application pool
For securing asp web applications: please review my previous post - ASP.NET Authentication
Posted by Charith Shyam Gunasekara at 12:37 PM
Reactions:  
Labels: ,
Subscribe to: Post Comments (Atom)
 

Copyrights(C) - Charith Gunasekara 2005-2010