Tips.
Generally when using Forms authentication in ASP.NET you are able to secure your .aspx pages but you have not secured Images or documents like Ms-Word, Excel etc. A quick tip to secure these items is that you can configure that these extensions should be served by asp.net and not IIS.
In your IIS , Right click on the Virtual Directory and select Properties.
On Configuration Ta, a dialog box appears with the list of file extensions.
Click Add and Enter the extension type in the textbox such as .doc .ppt etc.
Point your path to aspnet_isapi.dll found under %windir%\Microsoft.NET\Framework\v1.1.4322\
In "Limit to" radio button and put the same properties as like for aspx files i.e. GET, POST etc.
Its Done!
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment