How to do Forms Authentication on purely HTML pages using ASP.NET?

可紊 提交于 2019-11-27 20:37:09

To make the HTML files locked down by your forms authetication, you need have them served by ASP.NET. You can do this in IIS by associating the extension(s) you need (eg. .html, .htm, etc) with the aspnet_isapi.dll.

Onces ASP.NET is servicing those files you can specify the permissions for them just like any aspx page.

For more information refer to MSDN:

By default, IIS processes static content itself - like HTML pages and CSS and image files - and only hands off requests to the ASP.NET runtime when a page with an extension of .aspx, .asmx, or .ashx is requested.

IIS 7, however, allows for integrated IIS and ASP.NET pipelines. With a few configuration settings you can setup IIS 7 to invoke the FormsAuthenticationModule for all requests. Furthermore, with IIS 7 you can define URL authorization rules for files of any type. For more information, see Changes Between IIS6 and IIS7 Security, Your Web Platform Security, and Understanding IIS7 URL Authorization.

Long story short, in versions prior to IIS 7, you can only use forms authentication to protect resources handled by the ASP.NET runtime. Likewise, URL authorization rules are only applied to resources handled by the ASP.NET runtime. But with IIS 7 it is possible to integrate the FormsAuthenticationModule and UrlAuthorizationModule into IIS's HTTP pipeline, thereby extending this functionality to all requests.

In IIS7 if you want to protect *.html or *.htm files (or other non .net extensions) under forms authentication then add the following lines to your web.config:

<compilation>
    <buildProviders>
        <add extension=".html" type="System.Web.Compilation.PageBuildProvider" />
        <add extension=".htm" type="System.Web.Compilation.PageBuildProvider" />
    </buildProviders>
</compilation>

AND

<system.webServer>
     <handlers>
         <add name="HTML" path="*.html" verb="GET, HEAD, POST, DEBUG"   type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" />
         <add name="HTM" path="*.htm" verb="GET, HEAD, POST, DEBUG" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" />
     </handlers>
</system.webServer>

Although this is an old question, I find the link in pomarc's answer really useful. Below is the summary which is suit for IIS7.

In your web.config, add or modify <handlers> under <system.webServer>:

<handlers>
  <add name="HTML" path="*.html" verb="GET,HEAD,POST,DEBUG" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" />
</handlers>

Replace verb value with your required one; scriptProcessor value with correct path of your environment.

Then, add or modify <compilation> and <httpHandlers> under <system.web>:

<compilation debug="false" strict="false" explicit="true">
  <buildProviders>
    <!--Add below so .html file will be handled by ASP.NET (for use of Forms Authentication)-->
    <add extension=".html" type="System.Web.Compilation.PageBuildProvider" />
  </buildProviders>
</compilation>
<httpHandlers>
  <!--Add below so .html file will be handled by ASP.NET (for use of Forms Authentication)-->
  <add verb="GET, HEAD, POST, DEBUG" path="*.html" type="System.Web.UI.PageHandlerFactory" />
</httpHandlers>

Replace verb value with your required one.

You may also include more extension separated by comma ','

I've solved the same problem a few days ago, by following the post by fr33m3 @ 11-21-2007, 3:19 PM on this thread: http://forums.asp.net/t/1184547.aspx follow all the steps from 2. to 5. and you're done!

hope this can help you like it helped me.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!