Activate form authentication for CSV files in IIS7

views:

answers:

Activate form authentication for CSV files in IIS7

I have a website on IIS 7. This website has a HttpModule with an AuthorizeRequest event handler. This event does not fire for CSV files and I can access the file without logging in, I guess this is because IIS7 is not configured to require form autentication for CSV files.

How can I set this?

This will impact all files, but you can add a mapping to your server configuration:

Go to the properties of your website and click on "Handler Mappings".
In the upper right corner click, "Add Module Mapping".
Put "*.csv" in the Request Path.
Select "IsapiModule" for module.
Find the aspnet_isapi.dll in the framework folder of the appropriate .net framework you are using under Executable.
Give it a name.
Check the tabs in "Request Restrictions" for more options.

This should force any .csv request to parse through asp.net (thus invoking formsauthentication) before servicing the request.

EDIT: Alternatively you can add a wildcard script mapping as desribed here: http://learn.iis.net/page.aspx/508/wildcard-script-mapping-and-iis-7-integrated-pipeline/

This will force authentication to all non-.net files (pdfs, docs, anything).

Joel Etherton 2010-09-28 15:13:58

I still can access the file with no authentication and AuthorizeRequest is not fired... Can you think of anything I can check?

Lince81 2010-09-28 15:32:44

@Lince81 - see edit.

Joel Etherton 2010-09-28 15:36:22

The recommendation that is given here will only work if your Application Pool is running in Classic Mode, if your app pool is running in Integrated Mode you want to probably enable Forms Authentication and your module for all requests. See: http://learn.iis.net/page.aspx/244/how-to-take-advantage-of-the-iis7-integrated-pipeline/

CarlosAg 2010-09-29 04:37:40

@CarlosAg - You should put that as an answer as well in case it turns out to be the OPs solution.

Joel Etherton 2010-09-29 09:43:15

Hi, my application pool is running in classic mode. Tryed to add the wild card and now when I ask for the csv file a "Windows sevurity" window pops up asking user and password, it looks to me that is using windows authentication and not form authentication. I might have changed something while trying to fix the problem...

Lince81 2010-09-29 10:24:28

@Lince81 - what version of .Net are you using?

Joel Etherton 2010-09-29 10:31:57

@Joel - if I go in application pools, right click on default and "Basic settings" it says ".Net Framework v2.0.50727"

Lince81 2010-09-29 10:43:20

@Lince81 - then in the wildcard mapping you should be using the file: C:\Windows\Microsoft.Net\Framework\v2.0.50727\aspnet_isapi.dll to achieve this effect.

Joel Etherton 2010-09-29 12:01:38

Hi, this answer explains how to achive what I was looking for. I inserted in web.config the lines in chapter 3 and 4 of the referenced guide, and changed ".htm" with ".csv", maybe someone can optimize the solution for *.csv files. but for me it does what I needed.

Lince81 2010-09-29 12:55:42

ansaurus

tags:

views:

answers:

Activate form authentication for CSV files in IIS7

related questions