Hi Jason,
I think for it to work from the IIS console the dll and all dependent dlls would have to be both signed with a strong name key and installed in the GAC. None of that is anything I want to get involved with supporting.
There is a way to do it from Web.config, and I have a feeling that all the IIS tool does is modify the Web.config.
First you need to add the attribute like this in the system.webServer modules section:
<modules runAllManagedModulesForAllRequests="true">
This makes .NET handle static files. I believe it only works with an Integrated app pool, not with Classic.
Then below the main system.web section you can add location elements with their own system.web sections. For example this setting would block access to the /Data/Sites/1/media folder for anyone except users in the Admins role:
<location path="Data/Sites/1/media">
  <system.web>
    <authorization>
      <allow roles="Admins" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>
On another note, the Shared Files feature was designed specifically to share files with role protection so that only users in allowed roles have access to the Shared Files instance. The way the Shared Files feature works is to store the files on disk with a .config extension, which is protected by .NET, and only if the user is in the allowed role is the file served and renamed back to its original name, which is stored in the db.
Hope it helps,
Joe
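An added example, not part of the original post and not mojoPortal code: a small audit that parses a Web.config and checks that the location rules described above really keep anonymous and non-admin users out, and that the modules attribute is set so static files pass through managed authorization. The sample config, the user "bob" and the "Editors" role are constructed, and the allow-all fallthrough when no rule matches is an assumption about the inherited default.

```python
import xml.etree.ElementTree as ET

# Constructed sample combining the two Web.config fragments from the post.
SAMPLE = """<configuration>
  <location path="Data/Sites/1/media">
    <system.web>
      <authorization>
        <allow roles="Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
  </system.webServer>
</configuration>"""

def rules_for(root, path):
    """Authorization rules of the matching <location>, in document order."""
    for loc in root.findall("location"):
        if (loc.get("path") or "").strip("/").lower() == path.strip("/").lower():
            auth = loc.find("system.web/authorization")
            return [] if auth is None else [(r.tag, r.attrib) for r in auth]
    return []

def is_allowed(rules, user=None, roles=()):
    """First matching rule wins; user=None models an anonymous request."""
    for verb, attrs in rules:
        users = [u.strip() for u in attrs.get("users", "").split(",") if u.strip()]
        wanted = [r.strip() for r in attrs.get("roles", "").split(",") if r.strip()]
        if ("*" in users or (user is None and "?" in users)
                or (user is not None and user in users)
                or any(r in roles for r in wanted)):
            return verb == "allow"
    return True  # assumption: no match falls through to an inherited allow-all

def audit(xml_text, path):
    """Return findings for the protected folder; an empty list means it holds."""
    root = ET.fromstring(xml_text)
    rules, findings = rules_for(root, path), []
    mods = root.find("system.webServer/modules")
    if mods is None or mods.get("runAllManagedModulesForAllRequests", "").lower() != "true":
        findings.append("static files bypass managed authorization")
    if is_allowed(rules):
        findings.append("anonymous users can read " + path)
    if is_allowed(rules, user="bob", roles=("Editors",)):  # hypothetical non-admin
        findings.append("non-admin users can read " + path)
    return findings
```

Rule order matters because the first matching rule decides: putting the deny before the allow would lock out Admins as well, and omitting the deny leaves the folder readable by everyone.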