Forms authentication doesn't work for downloads

  • Thread starter Thread starter Peter Afonin
  • Start date Start date
P

Peter Afonin

Hello,

I'm using Forms authentication, and it works well. If user is not
authenticated, he is routed to the login page.

However, this doesn't work for downloads. If I have a file located in the
restricted area and put a direct link to it - anyone can download it.

Why is this? I expected that people would also be routed to the login
screen. How to make this happen?

I would appreciate your help.

Thank you,
 
Forms authentication is handled by the framework - thus you likely need to
pass that type of file through the asp.net handler by mapping it in IIS...

--
Regards

John Timney
ASP.NET MVP
Microsoft Regional Director
 
Forms Auth works only for those pages/file/resources which are processed by
ASP.NET by default. That is aspx,asmx, config and such. You can tweak that
in IIS (See Applications configuration for different file extensions like
where aspx is mapped to aspnet_isapi.dll) by having the custom file
extension mapped for aspnet_isapi.dll

See this blog post for detailed explanations:

Protect PDF, DOC and other file types with Forms Authentication
http://dotnetjunkies.com/WebLog/richard.dudley/archive/2004/05/21/14215.aspx

--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsider
ASP.NET Forum Moderator, AspAlliance Columnist
http://blogs.aspadvice.com/joteke



Peter Afonin said:
Hello,

I'm using Forms authentication, and it works well. If user is not
authenticated, he is routed to the login page.Protect PDF, DOC and other
Click to expand...
file types with Forms Authentication
 
Thank you very much for your explanations!

Peter

Teemu Keiski said:
Forms Auth works only for those pages/file/resources which are processed by
ASP.NET by default. That is aspx,asmx, config and such. You can tweak that
in IIS (See Applications configuration for different file extensions like
where aspx is mapped to aspnet_isapi.dll) by having the custom file
extension mapped for aspnet_isapi.dll

See this blog post for detailed explanations:

Protect PDF, DOC and other file types with Forms Authentication
http://dotnetjunkies.com/WebLog/richard.dudley/archive/2004/05/21/14215.aspx

--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsider
ASP.NET Forum Moderator, AspAlliance Columnist
http://blogs.aspadvice.com/joteke



Peter Afonin said:
Hello,

I'm using Forms authentication, and it works well. If user is not
authenticated, he is routed to the login page.Protect PDF, DOC and other
Click to expand...
file types with Forms Authentication
Click to expand...
 
Back
Top