A
Allen Harkleroad
Hi,
I have a strange problem. We develop CMS solutions and in our asp.net 1.1
version I can restrict downloads by mapping the file extension to the 1.1
aspnet_isapi DLL, I also restrict the folder containing the restricted
download files to prevent direct access to them. I am winning Server 2003
with IIS 6, both 1.1 and 2.0 are installed properly (we have both 1.1 and
2.0 sites running.
However we migrated our CMS to 2.0 and all is well and works properly except
the fact that when I map the file extension to the 2.0 aspnet_isapi DLL in
IIS and restrict the folder as I did in 1.1 logged in users get a timeout
trying to download the fie, non-logged in users of course get our access
denied/login as they should.
If I remove the mapping them any user (non-logged in and logged in) can
access and download the file.
In the web.config (Content is the folder containing restricted files (*.zip
mapped in IIS).
<location path="Content">
<system.web>
<authorization>
<allow roles="Admins"/>
<allow roles="Editors"/>
<allow roles="Subscribers"/>
<deny users="*" />
</authorization>
</system.web>
</location>
Is there a change in asp.net 2.0 from 1.1 that I missing? The same routine
works perfectly in our asp.net 1.1 version.
I have a strange problem. We develop CMS solutions and in our asp.net 1.1
version I can restrict downloads by mapping the file extension to the 1.1
aspnet_isapi DLL, I also restrict the folder containing the restricted
download files to prevent direct access to them. I am winning Server 2003
with IIS 6, both 1.1 and 2.0 are installed properly (we have both 1.1 and
2.0 sites running.
However we migrated our CMS to 2.0 and all is well and works properly except
the fact that when I map the file extension to the 2.0 aspnet_isapi DLL in
IIS and restrict the folder as I did in 1.1 logged in users get a timeout
trying to download the fie, non-logged in users of course get our access
denied/login as they should.
If I remove the mapping them any user (non-logged in and logged in) can
access and download the file.
In the web.config (Content is the folder containing restricted files (*.zip
mapped in IIS).
<location path="Content">
<system.web>
<authorization>
<allow roles="Admins"/>
<allow roles="Editors"/>
<allow roles="Subscribers"/>
<deny users="*" />
</authorization>
</system.web>
</location>
Is there a change in asp.net 2.0 from 1.1 that I missing? The same routine
works perfectly in our asp.net 1.1 version.