Using IIS on Windows 2012:
I have a classic ASP site. All the pages within the site are .asp files, but I have a few that are HTML in a Virtual Directory and do not have any ASP code in them to prevent access to them. Anyone can access these HTML files without logging into the site. Is there a way to use IIS Security to prevent access to these HTML files but still allow the users that are logged into the ASP session to access them? I have tried removing Authorized Users from the permissions, I have tried using the URL Authentication to DENY ANONYMOUS . I have tried putting Application Pool permissions access only on the directory. No luck. Please help!