Professional Web Applications Themes

Web.Config and Virtual Directory - ASP.NET Security

We have a intranet site that allows one of our departments to search a set of pdfs and then look at them. Only problem is that only they and us geeks should be allowed to see the pdfs. We have it locked down except for when a person directly types in the url to a pdf. Currently, the PDFs are in a virtual directory off the root of the server. Putting it under the search site also doesn't work. My understanding is that IIS looks as the virtual directory as a separate site and will not carry web.config settings down ...

  1. #1

    Default Web.Config and Virtual Directory

    We have a intranet site that allows one of our departments to search a set
    of pdfs and then look at them. Only problem is that only they and us geeks
    should be allowed to see the pdfs. We have it locked down except for when a
    person directly types in the url to a pdf. Currently, the PDFs are in a
    virtual directory off the root of the server. Putting it under the search
    site also doesn't work. My understanding is that IIS looks as the virtual
    directory as a separate site and will not carry web.config settings down to
    it. Putting a web.config in the virtual directory directly doesn't work
    either. How do I secure this virtual directory so only certain users can
    get to the pdfs?

    Scott


    Wm. Scott Miller Guest

  2. #2

    Default Re: Web.Config and Virtual Directory

    What form of authentication are you using? If its Windows you can lock down
    access to the directory using Windows groups through IIS.
    Otherwise there's alternatives depending on your security model.

    "Wm. Scott Miller" <Scott.Millerspam.killer.wvinsurance.gov> wrote in
    message news:%23CAaQJrMEHA.340TK2MSFTNGP11.phx.gbl...
    > We have a intranet site that allows one of our departments to search a set
    > of pdfs and then look at them. Only problem is that only they and us
    geeks
    > should be allowed to see the pdfs. We have it locked down except for when
    a
    > person directly types in the url to a pdf. Currently, the PDFs are in a
    > virtual directory off the root of the server. Putting it under the search
    > site also doesn't work. My understanding is that IIS looks as the virtual
    > directory as a separate site and will not carry web.config settings down
    to
    > it. Putting a web.config in the virtual directory directly doesn't work
    > either. How do I secure this virtual directory so only certain users can
    > get to the pdfs?
    >
    > Scott
    >
    >

    Janaka Guest

Similar Threads

  1. virtual directory
    By triadwm in forum Macromedia Flash Flashcom
    Replies: 15
    Last Post: November 19th, 09:35 PM
  2. Web Server Config tool not seeing IIS6 virtual site.
    By theMex in forum Coldfusion Server Administration
    Replies: 0
    Last Post: August 5th, 07:39 PM
  3. j2ee config and virtual hosts
    By kylewright in forum Coldfusion - Advanced Techniques
    Replies: 0
    Last Post: June 7th, 06:42 PM
  4. Multiple web.config files in a virtual directory
    By Raghu in forum ASP.NET Security
    Replies: 6
    Last Post: May 27th, 07:28 PM
  5. Have to Be A Virtual Directory?
    By Chan in forum ASP.NET Web Services
    Replies: 5
    Last Post: January 19th, 01:49 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139