Resource Authentication Using Only Web Config

  • Question

  • User1928065626 posted

    I have a legacy project that's comprised of CSS, JavaScript, and HTML files and I want to secure this project by limiting access to the HTML files using Role Based Authentication. But I'm going to make one thing clear and that is I'm not planning to recreate my files as WebForms or MVC files. All I want to do is use a web service or perhaps a web API to authenticate the users by querying a database, then authorize users with the web config file.

    I know I can use the web config file settings to limit access to folders but what I don't know is if it's possible to add roles to the database and somehow use those roles to access the HTML files in the folders. As I mentioned above, I'm not interested in converting my files into WebForms or MVC files. Can what I described above be done?

    Friday, May 1, 2020 2:19 PM

All replies

  • User475983607 posted

    The IIS static file handler renders HTML files.  You could write a custom IIS HTML handler to manage security for this particular application.

    https://docs.microsoft.com/en-us/iis/configuration/system.webserver/handlers/add

    You could also try mapping html files to the ASP.NET ISAPI module.

    https://forums.iis.net/t/1177987.aspx

    This will pass the request to ASP.NET, which makes the ASP.NET authentication and authorization features available.  Of course you'll need to write code to authenticate a user, which I assume will be Web Forms or MVC.

    Friday, May 1, 2020 3:20 PM
  • User1928065626 posted

    Hi, Thanks for your help.

    I've decided to map html files to the ASP.NET ISAPI module using the configurations below which I got from the link you provided, in my own web config file:

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            <handlers>
                <add name="htm-to-aspx-isapi" path="*.htm" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" preCondition="classicMode,runtimeVersionv2.0,bitness32" />
                <add name="htm-to-aspx" path="*.htm" verb="*" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" preCondition="integratedMode" />
            </handlers>
        </system.webServer>
        <system.web>
            <compilation>
                <buildProviders>
                    <add extension=".htm" type="System.Web.Compilation.PageBuildProvider" />
                </buildProviders>
            </compilation>
        </system.web>
    </configuration>

    Can I use the configuration above exactly the way it is or do I need to modify it? 

    Saturday, May 2, 2020 2:54 AM
  • User475983607 posted

    Can I use the configuration above exactly the way it is or do I need to modify it? 

    I can't answer this question.

    Did you try the configuration and it did not work as expected? 

    Do all files have an .htm extension?  

    The configuration is set to use .NET 2.  Does .NET 2 have all the features you need?  You can go to .NET 4.

    Saturday, May 2, 2020 9:38 AM
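
As an added example (not posted by either participant), this is how the integrated-mode mapping from the thread could be combined with forms authentication, a database-backed role provider, and a per-folder authorization rule. The folder `reports`, the role `Managers`, the login page `~/login.aspx`, the connection string name `RolesDb` and its placeholder value are all assumptions, as is a database already prepared with the standard ASP.NET role schema.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <connectionStrings>
    <!-- Assumed name and placeholder value; point this at the roles database. -->
    <add name="RolesDb"
         connectionString="Data Source=PLACEHOLDER;Initial Catalog=PLACEHOLDER;Integrated Security=True"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <compilation targetFramework="4.0">
      <buildProviders>
        <!-- Same build provider as in the thread: .htm is compiled as a page. -->
        <add extension=".htm" type="System.Web.Compilation.PageBuildProvider" />
      </buildProviders>
    </compilation>
    <!-- The login page is hypothetical; it still has to be written in ASP.NET. -->
    <authentication mode="Forms">
      <forms loginUrl="~/login.aspx" timeout="30" requireSSL="true" />
    </authentication>
    <!-- Roles are read from the database through the built-in SQL role provider. -->
    <roleManager enabled="true" defaultProvider="SqlRoles">
      <providers>
        <clear />
        <add name="SqlRoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="RolesDb" applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
  <system.webServer>
    <handlers>
      <!-- Integrated-mode mapping from the thread: .htm requests reach ASP.NET. -->
      <add name="htm-to-aspx" path="*.htm" verb="*"
           type="System.Web.UI.PageHandlerFactory"
           resourceType="Unspecified" preCondition="integratedMode" />
    </handlers>
  </system.webServer>
  <!-- Only members of the assumed "Managers" role may read files under /reports. -->
  <location path="reports">
    <system.web>
      <authorization>
        <allow roles="Managers" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Authorization rules are evaluated top to bottom and the first match wins, so the `allow` entry has to come before `deny users="*"`. The handler mapping covers `*.htm` only, so a file named `.html` in the same folder would not be matched by it.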