Protect non-page files; asp.net;IIS

Question:

Hello my friends ,

not a hard question

I have asite with forms authentication defined ,
I have role security enabled ,
we have the Support part of the site with role based security
that we only allow are customers to visit this part ,
There are files for each customer seperated in an individual folder for t hat customer
now , when customer logged in , if they know the name of a file they can get also files for other customers ,
that we dont want to allow that ,
for example for doing so , I also tried making web.config files inside each customer's page , and only allow that user , with other users denied , but this wont work for those files (in zip/rar format) ,
Is there anyway to protect these files ?

I tried in win Xp , maybe in server we have better options ,

any help would be appreciated , thx

 

Answer:

Those steps tested work in IIS6:

1.Open IIS manager console.(IIS6 in my Windows Server 2003)

2.Right-click web site or virtual directory and select Properties

3.Choose Directory or Home Directory tab

4. you will find Configuration button under Application Settings, click it.

5.Insert Wildcard application maps: click Insert... and input

    C:/WINDOWS/Microsoft.NET/Framework/v2.0.50727/aspnet_isapi.dll (it is this aspnet_isapi in my computer, it may a little bit different in yours)

6. Ok, restart your IIS, and take a try.

Hope this helps

Thanks

 

 

http://forums.asp.net/p/1359392/2812046.aspx#2812046