file restriction - Forms authentication

Discussion in 'ASP .Net' started by =?Utf-8?B?RWQ=?=, May 31, 2004.

  1. Hi,

    I'm have an asp.NET project, and I'm using Forms authentication method. I was wondering if there is a way to deny access to files that are not .aspx...ie: Someone who tries to access somepage.aspx is prompted for a username and password. However, if someone tries to access somefile.pdf, he can do this without authentication.

    Any Suggestions?

    Thanks,

    Ed
     
    =?Utf-8?B?RWQ=?=, May 31, 2004
    #1
    1. Advertisements

  2. Hi Ed,

    Only those file types that are mapped in IIS to the aspnet_isapi.dll are
    going to be processed by Forms authentication. You have a couple of
    options when it comes to PDF files.

    1. Have an ASPX page that authenticates and then streams the PDF to the
    browser via Response.BinaryWrite.
    2. Map the PDF file type to the aspnet_isapi.dll in IIS.

    Jim Cheshire, MCSE, MCSD [MSFT]
    ASP.NET
    Developer Support


    This post is provided "AS-IS" with no warranties and confers no rights.

    --------------------
    >Thread-Topic: file restriction - Forms authentication
    >thread-index: AcRHRzUlZFxlqk6eRWu5C6EeDelK+Q==
    >X-WN-Post: microsoft.public.dotnet.framework.aspnet
    >From: "=?Utf-8?B?RWQ=?=" <>
    >Subject: file restriction - Forms authentication
    >Date: Mon, 31 May 2004 12:41:03 -0700
    >Lines: 9
    >Message-ID: <>
    >MIME-Version: 1.0
    >Content-Type: text/plain;
    > charset="Utf-8"
    >Content-Transfer-Encoding: 7bit
    >X-Newsreader: Microsoft CDO for Windows 2000
    >Content-Class: urn:content-classes:message
    >Importance: normal
    >Priority: normal
    >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    >Newsgroups: microsoft.public.dotnet.framework.aspnet
    >Path: cpmsftngxa10.phx.gbl
    >Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.aspnet:237315
    >NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
    >
    >Hi,


    I'm have an asp.NET project, and I'm using Forms authentication method. I
    was wondering if there is a way to deny access to files that are not
    ..aspx...ie: Someone who tries to access somepage.aspx is prompted for a
    username and password. However, if someone tries to access somefile.pdf,
    he can do this without authentication.

    Any Suggestions?

    Thanks,

    Ed
    >
     
    Jim Cheshire [MSFT], Jun 1, 2004
    #2
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,756
    Tommy
    Feb 13, 2004
  2. z f
    Replies:
    2
    Views:
    5,271
  3. JEFF
    Replies:
    1
    Views:
    1,233
    =?Utf-8?B?YnJpYW5zW01DU0Rd?=
    Nov 12, 2007
  4. Keltex
    Replies:
    1
    Views:
    544
    Dominick Baier [DevelopMentor]
    Jan 24, 2006
  5. Eric
    Replies:
    2
    Views:
    897
Loading...