3

I want to be able to deny access to all but a defined set of IP addresses for a particular .axd in IIS.

At the moment, I'm doing this in the code for the axd (it's a managed handler written in C#)

Is there a way I can do this through configuration (ideally changing web.config) ?

Thanks!

Wim Coenen
  • 66,094
  • 13
  • 157
  • 251
Kram
  • 4,099
  • 4
  • 39
  • 60
  • I'm sure this could be done but would require a non trivial amount of custom code. It sounds like you are trying to implement file level security access "the hard way" (ip security at the application level). Is there any other forms of authorization used in the application that you can utilize or possibly firewall restrictions that could be used? – Quintin Robinson Mar 07 '11 at 16:24
  • Thanks for reply - I'm not sure, is the honest answer. I'm somewhat limited to IIS/ASP.Net-specific configuration really. – Kram Apr 13 '11 at 18:19
  • I have the same problem but in IIS6. Did you solve this? – Niels Bosma Sep 16 '11 at 13:24

1 Answers1

1

Here is how I did this using IIS6:

  • Create a dummy blank text file for the handler in the proper directory myhandler.axd
  • Navigate to the file in IIS Manager, Right-Click, Properties
  • Set authentication, IP address restrictions in the File Security tab

Caution: the settings seem to persist even if the dummy file is deleted.

Hugh Jeffner
  • 2,936
  • 4
  • 32
  • 31