J
Joey
I have a web app that uses forms authentication. The app also has a
downloads section, and I need to be able to use <location> tags to
control access to the downloadable files there (preferably by directory
instead of individual file.)
I understand that this behavior does not occur by default because IIS
does only maps certain file types (i.e. "*.aspx") to asp.net by
default. In other words, any user can download files that are within
the application's protected <location> tags simply by typing the
filename's url directly into the browser window. The request never
makes it to asp.net application, because IIS does not have those file
types mapped to asp.net.
After reading a couple of posts about this problem, I thought I could
fix it by creating IIS mappings for asp.net for the different file
types. And so I did this...I created IIS mappings for asp.net for
"*.exe", "*.pdf", "*.zip" and a few others.
It all seemed to work well at first, but...users began having problems
when downloading certain files. For example, the Acrobat Reader plugin
for IE and Firefox went haywire and quit working...it would just open a
blank white window! Similar problems were experienced when trying to
download zip files.
And so, I finally figured out that the mappings I had entered were
causing the problems, and I removed them. After that, of course,
everything started working normally again.
Now, the question...This approach is obviously not the best way to
control access to the files. Who knows a better way to do this?
downloads section, and I need to be able to use <location> tags to
control access to the downloadable files there (preferably by directory
instead of individual file.)
I understand that this behavior does not occur by default because IIS
does only maps certain file types (i.e. "*.aspx") to asp.net by
default. In other words, any user can download files that are within
the application's protected <location> tags simply by typing the
filename's url directly into the browser window. The request never
makes it to asp.net application, because IIS does not have those file
types mapped to asp.net.
After reading a couple of posts about this problem, I thought I could
fix it by creating IIS mappings for asp.net for the different file
types. And so I did this...I created IIS mappings for asp.net for
"*.exe", "*.pdf", "*.zip" and a few others.
It all seemed to work well at first, but...users began having problems
when downloading certain files. For example, the Acrobat Reader plugin
for IE and Firefox went haywire and quit working...it would just open a
blank white window! Similar problems were experienced when trying to
download zip files.
And so, I finally figured out that the mappings I had entered were
causing the problems, and I removed them. After that, of course,
everything started working normally again.
Now, the question...This approach is obviously not the best way to
control access to the files. Who knows a better way to do this?