Generally when using Forms authentication in ASP.NET you are able to secure your .aspx pages but you have not secured Images or documents like Ms-Word, Excel etc. A quick tip to secure these items is that you can configure that these extensions should be served by asp.net and not IIS.
1. In your IIS , Right click on the Virtual Directory and select Properties.
2. On Configuration Ta, a dialog box appears with the list of file extensions.
3. Click Add and Enter the extension type in the textbox such as .doc .ppt etc.
4. Point your path to aspnet_isapi.dll found under %windir%\Microsoft.NET\Framework\v1.1.4322 5. In "Limit to" radio button and put the same properties as like for aspx files i.e. GET, POST etc.
Its Done!
Enjoy!!
Wednesday, March 16, 2005
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment