File download

[Ldraw]

I am using forms authentication to prevent users from accessing a download
page unless there username and password are correct. This is working find
but I need some help understanding how to protect the internal files they
will be downloading. I don't want users to access the download files unless
they have used the login page. Currently anyone who has the address is
presented with the download dialog.

 

[ManniAT]

Hi Ldraw,

in IIS configuration you can choose who is handling your files.
Just open the properties of your site and look at application configuration.

There you will find the file asignments.
And you will see, that (for an example) ASPX is assined to something like
c:\windows\microsoft.net\framework\v2.0.50215\aspnet_isapi.dll
Now use one of this .NET assignments choose Edit at ASPX and copy the path of the assigned path.
Next ADD your file extension (your dowloads have - zip for an example) and assigne it to
the path you copied before.

This in fact means that from now on .NET will handle requests to this file and the security takes place.

We do this normaly for HTM and HTML when we have a site with such files.

HTH

Manfred