file restriction - Forms authentication

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,

I'm have an asp.NET project, and I'm using Forms authentication method. I was wondering if there is a way to deny access to files that are not .aspx...ie: Someone who tries to access somepage.aspx is prompted for a username and password. However, if someone tries to access somefile.pdf, he can do this without authentication.

Any Suggestions?

Thanks,

Ed
 
Hi Ed,

Only those file types that are mapped in IIS to the aspnet_isapi.dll are
going to be processed by Forms authentication. You have a couple of
options when it comes to PDF files.

1. Have an ASPX page that authenticates and then streams the PDF to the
browser via Response.BinaryWrite.
2. Map the PDF file type to the aspnet_isapi.dll in IIS.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------
Thread-Topic: file restriction - Forms authentication
thread-index: AcRHRzUlZFxlqk6eRWu5C6EeDelK+Q==
X-WN-Post: microsoft.public.dotnet.framework.aspnet
From: "=?Utf-8?B?RWQ=?=" <[email protected]>
Subject: file restriction - Forms authentication
Date: Mon, 31 May 2004 12:41:03 -0700
Lines: 9
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa10.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.aspnet:237315
NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Hi,
Click to expand...

I'm have an asp.NET project, and I'm using Forms authentication method. I
was wondering if there is a way to deny access to files that are not
..aspx...ie: Someone who tries to access somepage.aspx is prompted for a
username and password. However, if someone tries to access somefile.pdf,
he can do this without authentication.

Any Suggestions?

Thanks,

Ed
 
Back
Top