CODEWITHSUNDEEP
asp.netasp.net-mvcauthorizationowinstatic-files
Anthony Compton
Anthony Compton

Reputation: 5361

Authorization for Static Files in ASP.NET MVC w/ Owin

I have the need to secure an entire folder of static HTML files. The intention is that a user cannot access these files unless they are authenticated and have the necessary role.

We've got cookie-based authentication set up using OWIN, but no matter what I try I can't seem to figure out the correct combination of changes to make to require authentication on the folder.

The first problem is that IIS is skipping ASP.NET completely and just serving the files. I think there's probably a way around that by setting runAllManagedModulesForAllRequests to true. But where do I go from there?

I've tried stuffing elements in the Web.config to require the proper roles, but it just results in EVERY request getting denied (presumably because it's not inspecting the proper cookie or something).

I've spent my entire day on this and I'm about to lose my mind.

Has anyone solved this problem?

Upvotes: 8

Views: 5396

Answers (1)

Davit Tvildiani
Davit Tvildiani

Reputation: 1965

  1. IIS is serving static files , if you want to stop this you can remove default static file handler and than every request is serverd by MVC/OWIN.
  2. Than make static file handling and authorization in your controller : listen/map route where static files are located

to remove default static file handler add this to web.config file:

<configuration>
    <system.webServer>
        <handlers>
           <remove name="StaticFile" />
        </handlers>
    </system.webServer>
</configuration>

Upvotes: 3

Related Questions