Restrict access to resources like .doc, .ppt etc in .net forms authentication application

[Gaurav]

Hi,

We are developing a .NET app which has forms authentication. When the
user types in the direct URL of an aspx page on the browser, he will
be thrown to the login page. But if the URL points to a .txt or .doc
file, the document is displayed even though the user is not
authenticated.

How do we stop this such that the user has to login to the application
and then view the documents.

Thanks and Regards,
Gaurav

 

[Steve C. Orr [MVP, MCSD]]

In IIS you can associate these file types with ASP.NET so they will be
managed by Forms Authentication.

Another technique is to store these files somewhere else, such as a database
or a secured directory.
Then you can take manual control of them and only dish them out when you
choose by using functions such as Response.WriteFile
http://msdn.microsoft.com/library/d...fsystemwebhttpresponseclasswritefiletopic.asp

 

[GK]

Hi,
Thanks for the reply.

We tried your solution but the problem that we are facing is that this
works only with the .txt files. This is not working with the Word or PPT
or the Excel files.

Do I need to change the MIME type for these?

regards,
Gaurav