Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non-ASP.NET URLs

Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non … | ASP.NET Security Watch

Sun, 31 May 2009 19:51:15 GMT

Pingback from Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non … | ASP.NET Security Watch

Pro Information Center » Blog Archive » Removing the .SVC Extension from WCF REST URLs

Thu, 29 Jan 2009 05:58:40 GMT

Pingback from Pro Information Center » Blog Archive » Removing the .SVC Extension from WCF REST URLs

Rubber Meets the Corn Crab » Blog Archive » Filtering SQL injection from Classic ASP with .NET under IIS5 and IIS6

Mon, 25 Aug 2008 22:28:31 GMT

Pingback from Rubber Meets the Corn Crab » Blog Archive » Filtering SQL injection from Classic ASP with .NET under IIS5 and IIS6

Converting to GraffitiCMS from Wordpress

Accidental Technologist — Fri, 18 Apr 2008 13:20:47 GMT

As my faithful readers probably know, I have been running my blog for the past 3 years on the free Wordpress hosted service. Wordpress is a great service with really good uptime and they are always improving their features. The only limitations I have

Inferis’ Mind Dump » Blog Archive » links for 2008-03-19

Inferis’ Mind Dump » Blog Archive » links for 2008-03-19 — Wed, 19 Mar 2008 22:21:05 GMT

Pingback from Inferis’ Mind Dump » Blog Archive » links for 2008-03-19

re: Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non-ASP.NET URLs

Al — Mon, 30 Apr 2007 10:25:30 GMT

Hi Scott,

Would you be able to provide instructions for doing this under IIS 7?

Thanks

re: Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non-ASP.NET URLs

ScottGu — Mon, 19 Mar 2007 06:37:24 GMT

Hi Eds,

The built-in web-server (aka Cassini) handles all URLs that are sent to it - and so the standard ASP.NET authentication/authorization system ends up being invoked for everything.

I blogged about this a little here: http://weblogs.asp.net/scottgu/archive/2006/01/31/437027.aspx

Thanks,

Scott

re: Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non-ASP.NET URLs

Eds — Sat, 17 Mar 2007 02:39:59 GMT

Thanks Scott. I've been looking for this.

One question: why is it that the ASP.NET security works for all (non-aspx) files within my local built in server (Cassini)?

re: Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non-ASP.NET URLs

Bruno — Tue, 13 Mar 2007 15:02:31 GMT

Hi Scott!

Great stuff!

I try to implement this on my IIS, and it works just like I need it for and application ASPX with one other ASP in the same virtual directory, but I have another virtual directory with an other ASPX application, that have an independent login page for authentication, and that login page doesn’t authenticated anymore since I made the change.

I have just implemented the ISAPI extension mappings, like your instructions, to the virtual directory I wanted, but it affects the other virtual directory…what I’m doing wrong?

TKS Once again!

Bruno

re: Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non-ASP.NET URLs

Edstrodamous — Mon, 12 Mar 2007 23:37:09 GMT

Just a query

I came across this article while troubleshooting my existing implementation of a similar solution where i have a asp.net security wrapper around a complete asp system (stage 1 of migration to .net). With regard to the use of forms authentication using the above method it would appear that the sliding expiration for the auth cookie that is created is not being refreshed while in the internal classic asp pages and thus times out after a finite time period (mine is set to 40 min). Any ideas on how to rectify this so that the classic asp pages cause a refresh and the sliding expiration can be used?

Cheers Ed