I have some static (pure html) pages in my MVC application that I need to authenticate, so that not just anybody can look at them. Is there an way to do this without moving all the code to asp files and adding a controller and from there use the Authorize attribute? I would really prefer to not need to do this!
A:
If those static HTML pages are in a separate folder, You could configure IIS & Windows Folder security using IIS Admin.
You might also want to look at role based security , however I'm not sure if that will work for static HTML files (non .aspx).
Roberto Sebestyen
2010-07-30 16:20:51
Thanks! I looked into role based security, and our solution to block out any user who was not logged in is as follows:<location path="StaticPages"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location>worked like a charm!
2010-08-02 18:13:02
You must be using IIS7 then, since my suspicion is that this would not be possible in IIS6... Is that true?
Roberto Sebestyen
2010-08-03 16:31:10
A:
I looked into role-based security, and I found that adding
<location path="StaticPages">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
to the web.config file worked like a charm! It blocks any users who are not logged into the website.