Protecting *.html files in ASP.NET

A quick and simple way of protecting *.html files in an ASP.NET web application is to enable runAllManagedModulesForAllRequests in the web.config file. In addition, set the authorization settings as required on locations that need authenticated access.

This will cause all requests to go through the authentication module, which will trigger the ASP.NET authentication mechanism.

Note that this solution has caveats, so use it with caution.

Leave a Reply