Tuesday, May 18, 2010

ASP.NET Form Authentication and HTML Pages

This blog post helps you understand the applicability of ASP.NET forms authentication. Authentication can be described as a two-step process:
IIS Authentication: IIS authenticates the user and creates a Windows token to represent the user. IIS determines the authentication mode that it should use for a particular application by looking at the IIS metabase settings. If IIS is configured to use anonymous authentication, a token for the IUSR_MACHINE account is generated and used to represent the anonymous user. IIS then passes the token to the ASP.NET pipeline.
ASP.NET Authentication: The authentication method used is specified by the mode attribute of the authentication element. The following authentication configuration specifies that ASP.NET uses the FormsAuthenticationModule class:

You can learn more about this on MSDN or in Microsoft patterns & practices.

Once forms authentication is set up for a specific web site, does it also help for HTML and other multimedia files? Good question. Let's see how to protect HTML pages.
Forms Authentication for HTML pages
We know that authentication has two parts, so we need to make sure that HTML requests go through the ASP.NET pipeline. To do that, we have to tell IIS that all these extensions should be processed through the ASP.NET pipeline.
IIS 5 or IIS 6

a.) Right-click your virtual directory --> Properties
b.) Find the virtual directories tab for IIS 5.0 or the Home directories tab for IIS 6.0 and click "Configuration"
c.) Find the .aspx extension, double-click it, and copy the path to aspnet_isapi.dll, which is found in the executable text area
d.) Click "Add" under the "Application Configuration" window and paste the path to aspnet_isapi.dll in the executable text area
e.) Type ".htm" (without the quotes) in the extension text area (this can be replaced with any file extension, e.g. asp/html)
f.) While still in the "Add/Edit Application Extension Mapping" window, click the "Limit to" radio button and type "GET,HEAD,POST,DEBUG"
g.) Ensure that the "Script engine" radio button is selected but not the "Verify that file exists" radio button

IIS 7
a, Go to your site in IIS
b, Under the IIS section, click on Handler Mapping (it will open the mapping list)
c, Select asmx Mapping and click on Edit.
d, In Request path add html (*.aspx,*.html)
e, Click on the Request Restrictions button and make sure the settings match those described above for IIS 5 or IIS 6

Now all the HTML pages can be routed through the ASP.NET pipeline. We have told IIS how the HTML pages should be processed, so the next step is to tell ASP.NET how to process these files. How can we do that? Any guess? For every ASP.NET application, this processing information lives in the web.config file, so let's update the web.config file. Basically, we need to specify the HTTP handler.

Add the following entry to the httpHandlers element in the system.web section of the web.config file:
<httpHandlers>
  <!-- Route *.html requests to the ASP.NET page handler -->
  <add verb="GET,HEAD,POST,DEBUG" path="*.html" type="System.Web.UI.PageHandlerFactory" />
</httpHandlers>
In the compilation section, add the following:
<compilation explicit="true" strict="false" debug="false">
  <buildProviders>
    <!-- Compile .html files the same way as .aspx pages -->
    <add type="System.Web.Compilation.PageBuildProvider" extension=".html" />
  </buildProviders>
</compilation>
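
The following added example, not part of the original post, is a Python check that audits a web.config for the settings described above: Forms mode, a PageHandlerFactory handler and a PageBuildProvider for the extension. The sample config is constructed, the names `audit_html_protection` and `_has` are hypothetical, and the check that an authorization rule denies anonymous users goes beyond what the post covers.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config carrying the settings this post describes.
SAMPLE = """<configuration><system.web>
  <authentication mode="Forms" />
  <authorization><deny users="?" /></authorization>
  <httpHandlers>
    <add verb="GET,HEAD,POST,DEBUG" path="*.html"
         type="System.Web.UI.PageHandlerFactory" />
  </httpHandlers>
  <compilation explicit="true" strict="false" debug="false">
    <buildProviders>
      <add type="System.Web.Compilation.PageBuildProvider" extension=".html" />
    </buildProviders>
  </compilation>
</system.web></configuration>"""


def _has(web, path, attr, value, type_name):
    """True if an <add> under `path` has attr == value and the expected type."""
    return any(
        e.get(attr, "").lower() == value
        and e.get("type", "").split(",")[0].strip() == type_name
        for e in web.findall(path + "/add")
    )


def audit_html_protection(config_xml, ext=".html"):
    """Return a list of findings; an empty list means every check passed."""
    web = ET.fromstring(config_xml).find("system.web")
    if web is None:
        return ["no <system.web> section"]
    findings = []
    auth = web.find("authentication")
    if auth is None or auth.get("mode") != "Forms":
        findings.append("authentication mode is not Forms")
    # Added check (beyond the post): forms auth only identifies the user, so the
    # first authorization rule covering anonymous ("?" or "*") must be a deny.
    first = next((r.tag for r in web.findall("authorization/*")
                  if {u.strip() for u in r.get("users", "").split(",")} & {"?", "*"}), None)
    if first != "deny":
        findings.append("anonymous users are not denied")
    if not _has(web, "httpHandlers", "path", "*" + ext,
                "System.Web.UI.PageHandlerFactory"):
        findings.append("no PageHandlerFactory handler for *" + ext)
    if not _has(web, "compilation/buildProviders", "extension", ext,
                "System.Web.Compilation.PageBuildProvider"):
        findings.append("no PageBuildProvider for " + ext)
    return findings
```

Element names are matched case-sensitively, so a config that spells the section `httphandlers` is reported as having no handler for the extension.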

Now it's ready to go. I hope this helps in understanding how to implement forms authentication for HTML pages.
