Forms authentication doesn't work for downloads

P

Peter Afonin

Hello,

I'm using Forms authentication, and it works well. If user is not
authenticated, he is routed to the login page.

However, this doesn't work for downloads. If I have a file located in the
restricted area and put a direct link to it - anyone can download it.

Why is this? I expected that people would also be routed to the login
screen. How to make this happen?

I would appreciate your help.

Thank you,
 
J

John Timney \(ASP.NET MVP\)

Forms authentication is handled by the framework - thus you likely need to
pass that type of file through the asp.net handler by mapping it in IIS...

--
Regards

John Timney
ASP.NET MVP
Microsoft Regional Director
 
T

Teemu Keiski

Forms Auth works only for those pages/file/resources which are processed by
ASP.NET by default. That is aspx,asmx, config and such. You can tweak that
in IIS (See Applications configuration for different file extensions like
where aspx is mapped to aspnet_isapi.dll) by having the custom file
extension mapped for aspnet_isapi.dll

See this blog post for detailed explanations:

Protect PDF, DOC and other file types with Forms Authentication
http://dotnetjunkies.com/WebLog/richard.dudley/archive/2004/05/21/14215.aspx

--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsider
ASP.NET Forum Moderator, AspAlliance Columnist
http://blogs.aspadvice.com/joteke



Peter Afonin said:
Hello,

I'm using Forms authentication, and it works well. If user is not
authenticated, he is routed to the login page.Protect PDF, DOC and other
Click to expand...
file types with Forms Authentication
 
P

Peter Afonin

Thank you very much for your explanations!

Peter

Teemu Keiski said:
Forms Auth works only for those pages/file/resources which are processed by
ASP.NET by default. That is aspx,asmx, config and such. You can tweak that
in IIS (See Applications configuration for different file extensions like
where aspx is mapped to aspnet_isapi.dll) by having the custom file
extension mapped for aspnet_isapi.dll

See this blog post for detailed explanations:

Protect PDF, DOC and other file types with Forms Authentication
http://dotnetjunkies.com/WebLog/richard.dudley/archive/2004/05/21/14215.aspx

--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsider
ASP.NET Forum Moderator, AspAlliance Columnist
http://blogs.aspadvice.com/joteke



Peter Afonin said:
Hello,

I'm using Forms authentication, and it works well. If user is not
authenticated, he is routed to the login page.Protect PDF, DOC and other
Click to expand...
file types with Forms Authentication
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Google analytics doesn't work with google forms 0
Problem with my forms authentication 1
Integrating two web applications using forms authentication 6
Forms authentication with Active Directory 0
Forms Authentication timeout doesn't work 0
Can't use forms authentication when using IIS 5
Missing Web log Entry's for file downloads 0
Custom Authentication 1

Members online

Total: 34 (members: 2, guests: 32)
Robots: 411

Forum statistics

Threads
473,768
Messages
2,569,575
Members
45,051
Latest member
CarleyMcCr

Latest Threads

Top