locked
Secure Folder With Anonymous Authentication RRS feed

  • Question

  • User-663662722 posted

    One of our apps has two kinds of authentication enabled in IIS: anonymous and forms.

    Is it possible to secure a folder and all of its subfolders within this app? In other words, can I stop people from accessing this folder and all its subfolders over the web?

    <configuration>
        <location path="subdir1">
            <system.web>
                <authorization>
                    <deny users ="*" />
                </authorization>
            </system.web>
        </location>
    </configuration>

    This is how we are told to do it, but does this work with anonymous authentication?

    Sunday, November 23, 2014 5:15 PM

All replies

  • User-1716253493 posted

    try allow rolles or users = "nobody"

    Sunday, November 23, 2014 7:15 PM
  • User-663662722 posted

    Thanks. Could you please give me an example of what you mean by that?

    Sunday, November 23, 2014 7:23 PM
  • User-663662722 posted

    Which one of these are you asking me to try? How is the example I posted earlier different to what these are recommending?

    Sunday, November 23, 2014 7:50 PM
  • User-663662722 posted

    I'm starting to think that the answer to my question is to allow anonymous/forms access on the root folder, but disable anonymous access on the subfolder which is supposed to be secured. This seems to be the obvious solution, but none of the articles I read recommended this. Instead, all the articles I read recommended using the <location> element to define subfolders which are supposed to be secure. The articles mentioned above certainly recommend that, but none of those articles seem to work.

    Why is such a simple thing so hard in ASP/IIS?

    Monday, November 24, 2014 4:54 PM
  • User-663662722 posted

    I've been having difficulty with IIS because our server is on a slightly older version. I will be upgrading IIS this weekend and then I will document where I am up to with this problem.

    Thursday, November 27, 2014 5:35 PM