authentication issue of IIS 6.0

views:

193

answers:

authentication issue of IIS 6.0

Hello everyone,

I am using Windows Server 2003 + VSTS 2008 + .Net 3.5 + C# + ASP.Net + IIS 6.0. I host some files (wmv video file and html file) on the web server, I want to know whether there are any easy to use authentication approach to let user input username and password before they can access (I want to prevent anonymous access)? Since the web site has also aspx ASP.Net page, and I want to use an unified authentication solution for wmv, html and aspx page. If prefer any solution which utilizes username and password stored in SQL Server database which my application already has/use.

Any ideas?

thanks in advance, George

+1 A:

Take a look at Custom HTTP Modules which are plugged into the asp.net pipeline. You can effectively insert an authentication layer over any resources you wish to protect.

Andrew Siemer 2009-09-20 06:42:15

I think customer Http Module can only handle aspx request, can it handle non-aspx request, like html and wmv?

George2 2009-09-20 08:03:11

I made some study and seems we have to use ISAPI filter?

George2 2009-09-20 10:51:38

Oh you upgrade to Server 2008 and IIS 7

Lex Li 2009-09-20 12:38:31

Sorry I can not. Looks like the only solution is to write ISAPI filter? No other easier solutions?

George2 2009-09-20 15:00:02

You should be able to map any extension you like to be processed by the .net pipeline and when that happens your custom http module will get fired for your wmv file and authentication can be managed from there.

Andrew Siemer 2009-09-21 01:48:21

+1 A:

I would recommend you check out the ASP.NET Membership Provider.

It's the most "unified" authentication solution I've seen that's provided out-of-the-box for asp.net developers.

That way, you can use the default asp.net sql membership provider (or create your own implementation of it), have it set up your user/role tables (if you're using the sql membership provider), and then lock each folder down for authentication in your web.config.

I've been using the membership provider (as well as the roles provider) in many projects so far, under many different implementations.

Also, take a look at How To: Use Forms Authentication with SQL Server in ASP.NET 2.0

CitizenBane 2009-09-20 15:11:55

Thanks, I think your solution only works for aspx file, not working for html/wmv files. Any comments?

George2 2009-09-21 03:13:23

Take a look at http://support.microsoft.com/kb/316871You can set authorization to individual files (whether aspx or not).

CitizenBane 2009-09-21 13:57:41

When using IIS 6, if you want to leverage ASP.NET Forms Authentication to restrict access to non-ASP.NET files and resources (.pdf, .gif, .jpg, .wmv etc) , you would have to map a wildcard to the ASP.NET 2.0 ISAPI filter.

You can do this via:

Web Site Properties -> Home Directory Tab -> Click Configuration -> Mappings Tab

Click the "Insert" button and add the following path in the text box labelled "Executable":

c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll

Kev 2009-09-23 22:43:49

ansaurus

tags:

views:

answers:

authentication issue of IIS 6.0

related questions