7.9. Authorizing Classic ASP with IIS 7.0 Integrated Mode

This section is not going to repeat what has already been mentioned in the section on authenticating classic ASP with the IIS 7.0 integrated mode. As you have seen in the above section, authorizing classic ASP pages residing inside an ASP.NET application that runs under the classic .NET application pool inside IIS 7.0 requires no additional steps compared to authorizing ASP.NET resources in terms of configuration settings. The only required configuration is the wildcard mapping so that the ASP.NET engine gets the chance to receive classic ASP page requests for several sorts of processing needed.

The authorization for non-ASP.NET resources is no different from the authentication of non-ASP.NET resources in an application that is running in the integrated mode. No extension mappings are needed because the ASP.NET engine automatically has access to every request that comes into the IIS web server; hence, the mapping is done automatically for you by the IIS 7.0 web server core engine.

What is left for you as a developer to enable and make use of ASP.NET authorization modules on non-ASP.NET resources is to change some configuration settings inside the application's web.config configuration file.

For the sake of showing how to authorize non-ASP.NET resources, I will show you how the managed UrlAuthorizationModule is defined inside the <modules> configuration section under the <system.webServer> configuration section group located ...

Get Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.