A quick and simple way of protecting *.html files in an ASP.NET web application is to enable runAllManagedModulesForAllRequests in the web.config file. In addition, set the authorization settings as required on locations that need authenticated access.
|
1 2 3 4 5 6 7 8 9 10 11 |
<system.webServer> <modules runAllManagedModulesForAllRequests="true" /> </system.webServer> <location path="SecurePages"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> |
This will cause all requests to go through the authentication module, which will trigger the ASP.NET authentication mechanism.
Note that this solution has caveats, so use it with caution.