4

I have some static (pure html) pages in my MVC application that I need to authenticate, so that not just anybody can look at them. Is there an way to do this without moving all the code to asp files and adding a controller and from there use the Authorize attribute? I would really prefer to not need to do this!

Improve this question

2 Answers 2

Reset to default
3

I looked into role-based security, and I found that adding

<location path="StaticPages">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
</location>

to the web.config file worked like a charm! It blocks any users who are not logged into the website.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

If those static HTML pages are in a separate folder, You could configure IIS & Windows Folder security using IIS Admin.

You might also want to look at role based security , however I'm not sure if that will work for static HTML files (non .aspx).

Improve this answer

2 Comments

Thanks! I looked into role based security, and our solution to block out any user who was not logged in is as follows: <location path="StaticPages"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location> worked like a charm!
You must be using IIS7 then, since my suspicion is that this would not be possible in IIS6... Is that true?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.