If you wish to keep the on‑line help on your live website, you can limit access to the content of the help directory so that only users with the appropriate authorization are allowed to view it. Follow these steps to perform the required configuration:
- Edit your application's web.config file.
- Find the <system.webServer> section directly under the web.config root (i.e. not under a specific <location> element).
- Configure the application to handle the requests for the HTML help files:
One option is to add the runAllManagedModulesForAllRequests attribute to the <modules> element:
Setting this attribute to true ensures that the CMS application processes all types of requests and requires authentication if needed.
If you do not want the application to process all additional request types, only .html and .htm, add the following two handlers into the <handlers> element:
Adjust the path in the scriptProcessor attribute as necessary according to your specific .NET environment.
Define the authorization rules applied to the content of the CMSHelp directory by adding the following section into your web.config file:
This example only allows authenticated users to access the on‑line help files. Public users cannot reach the files through a direct URL without being prompted to log in. To further increase the security, you can restrict access only for a specific set of roles by editing the <authorization> section:
This ensures that only users who belong to the given roles (specified by their code names) have access to the directory.