views:

39

answers:

1

Hello,

I am trying to integrate ASP.NET Security with Classic ASP. Like in next article - http://weblogs.asp.net/scottgu/archive/2007/03/04/tip-trick-integrating-asp-net-security-with-classic-asp-and-non-asp-net-urls.aspx, but I have IIS 7.0 instead of IIS 6.0 as in example.

You can find my configuration file below (after adding of wildcard script tags)

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <handlers accessPolicy="Read, Script">
            <add name="ISAPI x64" path="*" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,runtimeVersionv2.0,bitness64" />
            <add name="ISAPI x32" path="*" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,runtimeVersionv2.0,bitness32" />
        </handlers>
    </system.webServer>

 <system.web>
  <authentication mode="Forms">
   <forms loginUrl="Login.aspx"></forms>
  </authentication>
 </system.web>

 <location path="page.asp">
  <system.web>
   <authorization>
    <deny users="?" />
    <allow users="*" />
   </authorization>
  </system.web>
 </location>

 <location path="default.asp">
  <system.web>
   <authorization>
    <deny users="?" />
    <allow users="*" />
   </authorization>
  </system.web>
 </location>
</configuration>

But application calls ASP pages without any authentication.

I didn't work with classic ASP before, therefore I have looked for any info that can help me.

I found another one interested article http://support.microsoft.com/kb/891028 - "Protecting classic ASP pages using forms authentication" part. Nice solution, but in this case I need implement security code (ASP script code) on every page.

And does next phrase mean that first solution won't work?

Protecting classic ASP pages with forms authentication is not supported by design because ASP and ASP.NET use different handlers...

Can anyone select me solution/way to do Based-Forms authentication for classic ASP on IIS 7.0?

+1  A: 

You can do this using IIS 7 Integrated Mode, as described here.

SLaks
Yes, thank you, I saw this solution here -http://forums.asp.net/t/1427825.aspx. I inserted <modules runAllManagedModulesForAllRequests="true"/> tag instead of three module tags and it worked the same. Do you know any disvantages of runAllManagedModulesForAllRequests="true"?
Maxim Polishchuk
Yes, that means that all managed modules will run for all requests, this can have a negative performance impact depending on how perf-critical your application is, if you follow what the article says (just authentication modules) then the managed code modules will not run for ASP (for example ASP.NET Windows Auth, ASP.NET Output Cache, ASP.ENT Session State, etc which are useless in your scenario)
CarlosAg