Firefox bypass form authorization for doc/pdf files?

[Guest]

I have create a Asp.net 2.0 application empsite with form authorization.

And I have create an entry in IIS application mapping:
..doc => C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

I tried http://localhost/empsite/Documents/BenefitsSummary.doc on IE and it
will be redirected to login page.

However, it does't redirect to login page and the url can download the file
directly.

Did I missed any setting?

 

[Hans Kesting]

I have create a Asp.net 2.0 application empsite with form authorization.

And I have create an entry in IIS application mapping:
.doc => C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

I tried http://localhost/empsite/Documents/BenefitsSummary.doc on IE and it
will be redirected to login page.

However, it does't redirect to login page and the url can download the file
directly.

Did I missed any setting?

Don't know why IIS handles FF-requests differently from IE-requests.

A different approach would be not to use direct links to your
docs/pdfs, but to use something like
download.aspx?file=BenefitsSummary.doc

This download.aspx could perform extra security checks. If everything
is OK, then it can do a Response.WriteFile() to upload the file (which
is stored in a directory outside of the website, so no direct requests
are possible) to the requesting browser.
Note: you don't want any html in the "aspx" part.

Hans Kesting