Firefox bypass form authorization for doc/pdf files?

Discussion in 'ASP .Net' started by =?Utf-8?B?bmljaw==?=, Jul 3, 2006.

  1. I have create a Asp.net 2.0 application empsite with form authorization.

    And I have create an entry in IIS application mapping:
    ..doc => C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

    I tried http://localhost/empsite/Documents/BenefitsSummary.doc on IE and it
    will be redirected to login page.

    However, it does't redirect to login page and the url can download the file
    directly.

    Did I missed any setting?
    =?Utf-8?B?bmljaw==?=, Jul 3, 2006
    #1
    1. Advertising

  2. =?Utf-8?B?bmljaw==?=

    Hans Kesting Guest

    > I have create a Asp.net 2.0 application empsite with form authorization.
    >
    > And I have create an entry in IIS application mapping:
    > .doc => C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    >
    > I tried http://localhost/empsite/Documents/BenefitsSummary.doc on IE and it
    > will be redirected to login page.
    >
    > However, it does't redirect to login page and the url can download the file
    > directly.
    >
    > Did I missed any setting?


    Don't know why IIS handles FF-requests differently from IE-requests.

    A different approach would be not to use direct links to your
    docs/pdfs, but to use something like
    download.aspx?file=BenefitsSummary.doc

    This download.aspx could perform extra security checks. If everything
    is OK, then it can do a Response.WriteFile() to upload the file (which
    is stored in a directory outside of the website, so no direct requests
    are possible) to the requesting browser.
    Note: you don't want any html in the "aspx" part.

    Hans Kesting
    Hans Kesting, Jul 4, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Matt
    Replies:
    3
    Views:
    484
    Tor Iver Wilhelmsen
    Sep 17, 2004
  2. SeanRW
    Replies:
    1
    Views:
    350
    Dominick Baier [DevelopMentor]
    May 25, 2006
  3. NotGiven
    Replies:
    3
    Views:
    332
    Michael D. Kersey
    May 13, 2004
  4. Ricardo Pog
    Replies:
    1
    Views:
    400
    Austin Ziegler
    Mar 26, 2008
  5. NotGiven
    Replies:
    3
    Views:
    291
    Michael D. Kersey
    May 13, 2004
Loading...

Share This Page