|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Securing static filesIn short my problem is securing static pages, so that unauthorized (anonymous) people doesn't get access to these files. You'll find a detailed description below. I have a websolution that is made in Dotnet 2.0. The solution send the user to a correct module based on the users credentials. The users credentials are compared with username and password in MS SQL database which provide the right path to where the user is going. Thus the solution uses Form authentication to verify the user. The desination after login is mostly static pages (htm/html) calling Flash modules. One of my problems (not the biggest) is that the user keeps getting throwed out and have to log on again - several times. We need to get the application to be more presistant when the user has logged on. I'm not sure why the user have to log on all the time, but my guess is that when the user uses the flash module, IIS is not aware that the user is still logged on and when the user finally requests a new page there's been a timeout. In this case I have to find a solution to make the user beeing loged in. I guess I can use a cookie for this, but then I guess the user will always come to the same module. The user has to be presented the login page on startup each time, because the user might try another module. My biggest problem is after associating aspnet_isapi.dll with htm/html in IIS I'm not able to view htm/html at all. I get "Page cannot be displayed", however some modules end on ".asp" and these files show okey, though ASP is associated as well with asp_isapi.dll. I've tried to find a solution based on this article: http://msdn.microsoft.com/msdnmag/issues/05/11/SecureWebApps/ but I'm not sure if it's the best for me. Hope there is some who can help me with this. Kind regards, Jon Haakon Hi,
a) Flash files generally run on the client. So even if you associate a flash file (or the containing HTML) with ASP.NET, if the client spends 20+ minutes playing with the flash file on their client browser and don't make any requests to the server, the forms authentication ticket will still expire b) The "page can not be displayed" is a generic error. Look further down the page to see what the real error message is. Do you see a "500 Internal Server Error"? or "404 File Not Found"? or "Can not contact server or DNS error"? What do you see? Cheers Ken Show quoteHide quote "Jon Haakon Ariansen" <jona@spama.no> wrote in message news:Owg3wJFlGHA.1260@TK2MSFTNGP05.phx.gbl... > Hi, > > In short my problem is securing static pages, so that unauthorized > (anonymous) people doesn't get access to these files. You'll find a > detailed description below. > > I have a websolution that is made in Dotnet 2.0. The solution send the > user > to a correct module based on the users credentials. The users credentials > are compared with username and password in MS SQL database which provide > the > right path to where the user is going. Thus the solution uses Form > authentication to verify the user. > The desination after login is mostly static pages (htm/html) calling Flash > modules. > > One of my problems (not the biggest) is that the user keeps getting > throwed > out and have to log on again - several times. We need to get the > application > to be more presistant when the user has logged on. I'm not sure why the > user > have to log on all the time, but my guess is that when the user uses the > flash module, IIS is not aware that the user is still logged on and when > the > user finally requests a new page there's been a timeout. In this case I > have > to find a solution to make the user beeing loged in. I guess I can use a > cookie for this, but then I guess the user will always come to the same > module. The user has to be presented the login page on startup each time, > because the user might try another module. > > My biggest problem is after associating aspnet_isapi.dll with htm/html in > IIS I'm not able to view > htm/html at all. I get "Page cannot be displayed", however some modules > end > on ".asp" and these files show okey, though ASP is associated as well with > asp_isapi.dll. > I've tried to find a solution based on this article: > http://msdn.microsoft.com/msdnmag/issues/05/11/SecureWebApps/ > but I'm not sure if it's the best for me. > > Hope there is some who can help me with this. > > Kind regards, > > Jon Haakon > > > > Hi Ken,
I finally found a solution on why I couldn't see htm/html and other static files. I've added: <httpHandlers> <add path="*.htm" verb="*" type="System.Web.StaticFileHandler" /> <add path="*.html" verb="*" type="System.Web.StaticFileHandler" /> <add path="*.asp" verb="*" type="System.Web.StaticFileHandler" /> </httpHandlers> to my web.config, and I can now view these static files. But my next question is for how long. Previosly we had a dotnet 1.1 solution that worked pretty good, but the enduser was kicked out back to the login page. I'm woundering if this is because the user has been using the flash file for to long that a session_timeout has occured?? Is there any other solutions then to increase the limit for session_timeout? Thanks a lot for your help, Ken! Kind regards, Jon Haakon Show quoteHide quote "Ken Schaefer" <kenREM***@THISadOpenStatic.com> wrote in message news:eJzIcOOlGHA.3740@TK2MSFTNGP02.phx.gbl... > Hi, > > a) Flash files generally run on the client. So even if you associate a > flash file (or the containing HTML) with ASP.NET, if the client spends 20+ > minutes playing with the flash file on their client browser and don't make > any requests to the server, the forms authentication ticket will still > expire > > b) The "page can not be displayed" is a generic error. Look further down > the page to see what the real error message is. Do you see a "500 Internal > Server Error"? or "404 File Not Found"? or "Can not contact server or DNS > error"? What do you see? > > Cheers > Ken > > > "Jon Haakon Ariansen" <jona@spama.no> wrote in message > news:Owg3wJFlGHA.1260@TK2MSFTNGP05.phx.gbl... >> Hi, >> >> In short my problem is securing static pages, so that unauthorized >> (anonymous) people doesn't get access to these files. You'll find a >> detailed description below. >> >> I have a websolution that is made in Dotnet 2.0. The solution send the >> user >> to a correct module based on the users credentials. The users credentials >> are compared with username and password in MS SQL database which provide >> the >> right path to where the user is going. Thus the solution uses Form >> authentication to verify the user. >> The desination after login is mostly static pages (htm/html) calling >> Flash >> modules. >> >> One of my problems (not the biggest) is that the user keeps getting >> throwed >> out and have to log on again - several times. We need to get the >> application >> to be more presistant when the user has logged on. I'm not sure why the >> user >> have to log on all the time, but my guess is that when the user uses the >> flash module, IIS is not aware that the user is still logged on and when >> the >> user finally requests a new page there's been a timeout. In this case I >> have >> to find a solution to make the user beeing loged in. I guess I can use a >> cookie for this, but then I guess the user will always come to the same >> module. The user has to be presented the login page on startup each time, >> because the user might try another module. >> >> My biggest problem is after associating aspnet_isapi.dll with htm/html in >> IIS I'm not able to view >> htm/html at all. I get "Page cannot be displayed", however some modules >> end >> on ".asp" and these files show okey, though ASP is associated as well >> with >> asp_isapi.dll. >> I've tried to find a solution based on this article: >> http://msdn.microsoft.com/msdnmag/issues/05/11/SecureWebApps/ >> but I'm not sure if it's the best for me. >> >> Hope there is some who can help me with this. >> >> Kind regards, >> >> Jon Haakon >> >> >> >> > > 
Other interesting topics
|
|||||||||||||||||||||||
