IIS 6 ASP.NET default handler-mappings and virtual directories
- by mlauter
I'm having a problem with setting a default mapping in IIS 6. I want to secure *.HTML files with ASP.NET forms authentication. The problem seems to have something to do with using virtual directories to hold the html files. Here's how it's setup:
sample directory tree
c:/inetpub/ (nothing in here)
d:/web_files/my_web_apps
d:/web_files/my_web_apps/app1/
d:/web_files/my_web_apps/app2/
d:/web_files/my_web_apps/html_files/
app1 and app2 both access the same html_files directory, so html_files is set as a virtual directory in the web apps in IIS...
sample web directory tree
//app1/html_files/ (points to physical directory: d:/web_files/my_web_apps/html_files/)
//app2/html_files/ (points to physical directory: d:/web_files/my_web_apps/html_files/)
If I put a file called test.html in the root of //app1/ and then add the default mapping to the asp.net dll and setup my security on the root folder with deny="?", then accessing test.html works exactly as expected. If I'm not authenticated, it takes me to the login.aspx page, and if I am authenticated then it displays test.html.
If I put the test.html file in the html_files directory I get a totally different behavior. Now the login.aspx page loads and I stuck some code in to check if I was still authenticated:
<p>autheticated: <%=User.Identity.IsAuthenticated%></p>
I figured it would say false because why else would it bother to load the login page? Nope, it says true - so it knows i'm authenticated, but it won't give me access to the test.html file.
I've spent several hours on this and haven't been able to solve it. I'm going to spend some more time on google to see if I've missed something. Fingers crossed.