I have an application that has a subfolder called "Docs" (actually a virtual directory) where I keep all of my word documents. I don't want these documents to be accessed by any unauthenticated users but for some reason regardless of what I put in my root web.config or my "Docs" web.config IIS still serves the word up to any user.
+1
A:
I assume the files in that folder are .doc
Unless you have modified your IIS configuration, .doc files are not handled by ASP.NET (they should by default be handled by the straight IIS file handler). That means the asp.net dll never sees the request, and so any settings in ASP.NET's web.config file are meaningless.
You would need to configure IIS to identify .doc files as being handled by the ASP.NET dll, or use a wildcard mapping so that all files on your server go through ASP.NET (keep in mind that this adds overhead to have every single static file request go through a full server side programming framework)
David
2009-08-05 14:17:13
I actually did that. I mapped .doc extensions in IIS to ASP.NET and I mapped an HttpHandler in the web.config to *.doc extensions but this seems to only work for .doc files in the root folder and not the "Docs" folder. I also tried adding a web.config in the "Docs" folder that maps the HttpHandler but nothing seems to work.
2009-08-05 14:22:55
A:
Your virtual directory is a separate app that might not be governed by the root. Add the web.config and mappings to the virtual directory.
If this is just a personal thing (your question reads two ways), I would just use an IIS-level password on the folder by removing anonomous access.
Wyatt Barnett
2009-08-05 14:25:19
So I had done all of that (except for the anonymous access thing because these are dynamically generated documents by the users of the app) and nothing seemed to work. I was testing all of these settings by hitting the same document . . . which was cached in my browser. Hitting a new document gave me the desired result. Wow, that was awful. Thanks for the help!
2009-08-05 14:32:18