Using web.config directory security and extensionless urls

Posted by Matt Brailsford on Stack Overflow See other posts from Stack Overflow or by Matt Brailsford
Published on 2010-02-19T20:43:10Z Indexed on 2010/03/12 21:47 UTC
Read the original article Hit count: 242

Filed under:

web-config

|

security

|

authentication

|

authorization

|

ASP.NET

Hi Guys,

I'd like to use the built in directory security features built into the web.config to restrict access to child pages of a parent page. My structure is as follows:

Members
Members/News
Members/Press
Members/Movies

Users should be able to have access to the members parent page, but not child pages. My problem is, because I am using extensionless URLs, the web.config thinks this is a directory and so access is blocked. Is there a way to say only restrict access for sub pages?

© Stack Overflow or respective owner

Related posts about web-config

Child web.config can't clear <pages><controls> from parent web.config

as seen on Stack Overflow - Search for 'Stack Overflow'
How can I "clear" the vendor defined <controls> in my child app's web.config? Parent Web Config. <system.web> <pages> <controls>  <add tagPrefix="asp" namespace="VENDOR.Web.UI.Base" assembly="System… >>> More
Configure Forms based authentication in SharePoint 2010

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Configuring form authentication is a straight forward task in SharePoint. Mostly public facing websites built on SharePoint requires form based authentication. Recently, one of the WCM implementation where I was included in the project team required registration system. Any internet user can… >>> More
Allowing creation/modification of virtual aliases using web.config

as seen on Server Fault - Search for 'Server Fault'
Hi, I've been given a problem to fix, and I initially thought of .htaccess files, except for one thing, I quickly realized it's an IIS server. Is it possible to allow a webmaster the ability to modify the virtual directories using web.config files in the same way you can using .htaccess files? … >>> More
SharePoint 2010 - Access denied during ApplyWebConfigModifications()

as seen on Stack Overflow - Search for 'Stack Overflow'
I have SharePoint 2010 installed on a Windows Server 2008 R2 machine which is also hosting SQL Sever 2008 R2. I am attempting to deploy a solution that includes web parts in the 2010 environment that is working fine in MOSS 2007. The Web Part feature has a feature receiver that updates the web.config… >>> More
Custom RoleProvider with MVC 2.0 webconfig

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a custom MembershipProvider and a custom RoleProvider. I created the custom MembershipProvider by creating a SimpleMembershipProvider class which implements the MembershipProvider class. After that I changed my web.config and works. So I used the same approach creating a custom RoleProvider… >>> More

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More