Thursday, July 22, 2010

Protect html files using form authentication:

1.) follow the guide found here ( ) to configure the login page and default.aspx page

2.) configure .htm, .asp. etc. etc. extensions to use the same filter as a standard .aspx page:

a.) right click on your virtual directory --> properties

b.) find the virtual directories tab for IIS 5.0 or the Home directories tab for IIS 6.0 and click "Configuration"

c.) find the .aspx extension, double click, and copy the path to aspnet_isapi.dll, the path being found in the executable text area

d.) click "add" under the "application configuration" window and paste the path to aspnet_isapi.dll inf the executable text area

f.) type ".htm" (without the quotes) in the extension text area (this can be replace with any file extension eg: asp/html)

e.) while still in the "add/edit application extension mapping" window click the "limit to" radio button and type "GET,HEAD,POST,DEBUG"

f.) ensure that the "script engine" radio button is selected but not the "verify the file exists" radio button

3.) add the following to the script.web heading in web.config file for the directory:

<add verb="GET, HEAD, POST, DEBUG" path="*.htm" type="System.Web.UI.PageHandlerFactory"/>
<add verb="GET, HEAD, POST, DEBUG" path="*.html" type="System.Web.UI.PageHandlerFactory"/>
<add verb="GET, HEAD, POST, DEBUG" path="*.asp" type="System.Web.UI.PageHandlerFactory"/>

note: add any other extensions that were configuration in the application configuration window

4.) find the "compilation: section of the web.config file and ensure it looks like the following:

<compilation debug="false" strict="false" explicit="true">
<add extension=".htm" type="System.Web.Compilation.PageBuildProvider" />
<add extension=".asp" type="System.Web.Compilation.PageBuildProvider" />
<add extension=".html" type="System.Web.Compilation.PageBuildProvider" />

5.) Go grab a coffee, you're done!

No comments:

Post a Comment