forms-based authentication

Discussion in 'ASP .Net' started by Vic, Oct 29, 2003.

  1. Vic

    Vic Guest

    I am trying to implement a forms-based authentication on my website, so some
    directories will have web.config file which will deny certain users, based
    on role, etc. The problem I encountered is that it's only asp.net files (or
    the files with the extension mapped to aspnet_isapi.dll) are the ones being
    secured.

    The solution I found is to map all of the extension I'd keep in my secured
    directory to aspnet_isapi.dll.

    I am planning to map .htm, *.exe, and *.shtm files to be processed by .NET.
    How is it going to affect the performance of the site? Is there another way
    of achieving the same thing?

    Thanks,
    Vic
     
    Vic, Oct 29, 2003
    #1
    1. Advertising

  2. I accomplished this in a recent project by putting other files in a private
    directory.
    Then when I needed to send one of the files to the user, I'd use
    Response.WriteFile to grab the file from the private directory and output it
    to the user. Of couse the ASPNET user account needs read access to the
    private directory.
    I used code similar to this:
    Response.Clear();
    Response.AddHeader("Content-Disposition","inline;filename=myfile.doc");
    Response.WriteFile("c:\privatedir\myfile.doc");

    --
    I hope this helps,
    Steve C. Orr, MCSD, MVP
    http://Steve.Orr.net
    Hire top-notch developers at http://www.able-consulting.com




    "Vic" <> wrote in message
    news:...
    > I am trying to implement a forms-based authentication on my website, so

    some
    > directories will have web.config file which will deny certain users, based
    > on role, etc. The problem I encountered is that it's only asp.net files

    (or
    > the files with the extension mapped to aspnet_isapi.dll) are the ones

    being
    > secured.
    >
    > The solution I found is to map all of the extension I'd keep in my secured
    > directory to aspnet_isapi.dll.
    >
    > I am planning to map .htm, *.exe, and *.shtm files to be processed by

    ..NET.
    > How is it going to affect the performance of the site? Is there another

    way
    > of achieving the same thing?
    >
    > Thanks,
    > Vic
    >
    >
     
    Steve C. Orr [MVP, MCSD], Oct 29, 2003
    #2
    1. Advertising

  3. "Vic" <> wrote in message
    news:...
    > I am trying to implement a forms-based authentication on my website, so

    some
    > directories will have web.config file which will deny certain users, based
    > on role, etc. The problem I encountered is that it's only asp.net files

    (or
    > the files with the extension mapped to aspnet_isapi.dll) are the ones

    being
    > secured.
    >
    > The solution I found is to map all of the extension I'd keep in my secured
    > directory to aspnet_isapi.dll.
    >
    > I am planning to map .htm, *.exe, and *.shtm files to be processed by

    ..NET.
    > How is it going to affect the performance of the site? Is there another

    way
    > of achieving the same thing?


    The only way to find out how it performs is to try it.

    As a general statement, consider that it shouldn't be any worse than the
    performance of processing ASP.NET files, which have to deal with executing
    code and possibly even compiling it.

    One thing to be aware of: the StaticFileHandler which ASP.NET uses for these
    file types seems to read the entire file into memory before sending it out.
    This can be an issue for huge files...
    --
    John
     
    John Saunders, Oct 29, 2003
    #3
  4. Vic

    Vic Guest

    Thanks, John.

    I think it's not such a hot idea, since some of the files are more than
    20MB...

    I'll probably use Steve's approach:
    Response.WriteFile("c:\privatedir\myfile.doc");

    Of course, this could also load the file in the memory first...

    Thanks,
    Vic

    "John Saunders" <john.saunders at surfcontrol.com> wrote in message
    news:%...
    > "Vic" <> wrote in message
    > news:...
    > > I am trying to implement a forms-based authentication on my website, so

    > some
    > > directories will have web.config file which will deny certain users,

    based
    > > on role, etc. The problem I encountered is that it's only asp.net files

    > (or
    > > the files with the extension mapped to aspnet_isapi.dll) are the ones

    > being
    > > secured.
    > >
    > > The solution I found is to map all of the extension I'd keep in my

    secured
    > > directory to aspnet_isapi.dll.
    > >
    > > I am planning to map .htm, *.exe, and *.shtm files to be processed by

    > .NET.
    > > How is it going to affect the performance of the site? Is there another

    > way
    > > of achieving the same thing?

    >
    > The only way to find out how it performs is to try it.
    >
    > As a general statement, consider that it shouldn't be any worse than the
    > performance of processing ASP.NET files, which have to deal with executing
    > code and possibly even compiling it.
    >
    > One thing to be aware of: the StaticFileHandler which ASP.NET uses for

    these
    > file types seems to read the entire file into memory before sending it

    out.
    > This can be an issue for huge files...
    > --
    > John
    >
    >
     
    Vic, Oct 30, 2003
    #4
  5. Vic

    Vic Guest

    Thanks, Steve.

    It sure does help...

    Vic

    "Steve C. Orr [MVP, MCSD]" <> wrote in message
    news:%...
    > I accomplished this in a recent project by putting other files in a

    private
    > directory.
    > Then when I needed to send one of the files to the user, I'd use
    > Response.WriteFile to grab the file from the private directory and output

    it
    > to the user. Of couse the ASPNET user account needs read access to the
    > private directory.
    > I used code similar to this:
    > Response.Clear();
    > Response.AddHeader("Content-Disposition","inline;filename=myfile.doc");
    > Response.WriteFile("c:\privatedir\myfile.doc");
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD, MVP
    > http://Steve.Orr.net
    > Hire top-notch developers at http://www.able-consulting.com
    >
    >
    >
    >
    > "Vic" <> wrote in message
    > news:...
    > > I am trying to implement a forms-based authentication on my website, so

    > some
    > > directories will have web.config file which will deny certain users,

    based
    > > on role, etc. The problem I encountered is that it's only asp.net files

    > (or
    > > the files with the extension mapped to aspnet_isapi.dll) are the ones

    > being
    > > secured.
    > >
    > > The solution I found is to map all of the extension I'd keep in my

    secured
    > > directory to aspnet_isapi.dll.
    > >
    > > I am planning to map .htm, *.exe, and *.shtm files to be processed by

    > .NET.
    > > How is it going to affect the performance of the site? Is there another

    > way
    > > of achieving the same thing?
    > >
    > > Thanks,
    > > Vic
    > >
    > >

    >
    >
     
    Vic, Oct 30, 2003
    #5
  6. Vic

    Vic Guest

    Steve.

    Is there an easy way to simulate the Save As behavior with
    Response.WriteFile() ? I want user to prompted with the Save As dialog and
    the file to be downloaded to the specified location on user's PC, instead of
    dumping it into the page.

    Thanks in advance.

    Vic


    "Steve C. Orr [MVP, MCSD]" <> wrote in message
    news:%...
    > I accomplished this in a recent project by putting other files in a

    private
    > directory.
    > Then when I needed to send one of the files to the user, I'd use
    > Response.WriteFile to grab the file from the private directory and output

    it
    > to the user. Of couse the ASPNET user account needs read access to the
    > private directory.
    > I used code similar to this:
    > Response.Clear();
    > Response.AddHeader("Content-Disposition","inline;filename=myfile.doc");
    > Response.WriteFile("c:\privatedir\myfile.doc");
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD, MVP
    > http://Steve.Orr.net
    > Hire top-notch developers at http://www.able-consulting.com
    >
    >
    >
    >
    > "Vic" <> wrote in message
    > news:...
    > > I am trying to implement a forms-based authentication on my website, so

    > some
    > > directories will have web.config file which will deny certain users,

    based
    > > on role, etc. The problem I encountered is that it's only asp.net files

    > (or
    > > the files with the extension mapped to aspnet_isapi.dll) are the ones

    > being
    > > secured.
    > >
    > > The solution I found is to map all of the extension I'd keep in my

    secured
    > > directory to aspnet_isapi.dll.
    > >
    > > I am planning to map .htm, *.exe, and *.shtm files to be processed by

    > .NET.
    > > How is it going to affect the performance of the site? Is there another

    > way
    > > of achieving the same thing?
    > >
    > > Thanks,
    > > Vic
    > >
    > >

    >
    >
     
    Vic, Oct 30, 2003
    #6
  7. "Vic" <> wrote in message
    news:...
    > Thanks, John.
    >
    > I think it's not such a hot idea, since some of the files are more than
    > 20MB...
    >
    > I'll probably use Steve's approach:
    > Response.WriteFile("c:\privatedir\myfile.doc");
    >
    > Of course, this could also load the file in the memory first...


    Victor,

    In a similar case, I wrote a asynchronous HttpHandler (implementing
    IHttpAsyncHandler) to handle product downloads from our site. I found the
    following article very helpful in that:

    Use Threads and Build Asynchronous Handlers in Your Server-Side Web Code
    (http://msdn.microsoft.com/msdnmag/issues/03/06/Threading/default.aspx).

    I hope that helps,
    John
     
    John Saunders, Oct 30, 2003
    #7
  8. change inline to attachment on the Response.Addheader line.
    Like this:
    Response.AddHeader("Content-Disposition","attachment;filename=myfile.doc");

    --
    I hope this helps,
    Steve C. Orr, MCSD, MVP
    http://Steve.Orr.net
    Hire top-notch developers at http://www.able-consulting.com



    "Vic" <> wrote in message
    news:...
    > Steve.
    >
    > Is there an easy way to simulate the Save As behavior with
    > Response.WriteFile() ? I want user to prompted with the Save As dialog and
    > the file to be downloaded to the specified location on user's PC, instead

    of
    > dumping it into the page.
    >
    > Thanks in advance.
    >
    > Vic
    >
    >
    > "Steve C. Orr [MVP, MCSD]" <> wrote in message
    > news:%...
    > > I accomplished this in a recent project by putting other files in a

    > private
    > > directory.
    > > Then when I needed to send one of the files to the user, I'd use
    > > Response.WriteFile to grab the file from the private directory and

    output
    > it
    > > to the user. Of couse the ASPNET user account needs read access to the
    > > private directory.
    > > I used code similar to this:
    > > Response.Clear();
    > > Response.AddHeader("Content-Disposition","inline;filename=myfile.doc");
    > > Response.WriteFile("c:\privatedir\myfile.doc");
    > >
    > > --
    > > I hope this helps,
    > > Steve C. Orr, MCSD, MVP
    > > http://Steve.Orr.net
    > > Hire top-notch developers at http://www.able-consulting.com
    > >
    > >
    > >
    > >
    > > "Vic" <> wrote in message
    > > news:...
    > > > I am trying to implement a forms-based authentication on my website,

    so
    > > some
    > > > directories will have web.config file which will deny certain users,

    > based
    > > > on role, etc. The problem I encountered is that it's only asp.net

    files
    > > (or
    > > > the files with the extension mapped to aspnet_isapi.dll) are the ones

    > > being
    > > > secured.
    > > >
    > > > The solution I found is to map all of the extension I'd keep in my

    > secured
    > > > directory to aspnet_isapi.dll.
    > > >
    > > > I am planning to map .htm, *.exe, and *.shtm files to be processed by

    > > .NET.
    > > > How is it going to affect the performance of the site? Is there

    another
    > > way
    > > > of achieving the same thing?
    > > >
    > > > Thanks,
    > > > Vic
    > > >
    > > >

    > >
    > >

    >
    >
     
    Steve C. Orr [MVP, MCSD], Oct 30, 2003
    #8
  9. Vic

    Vic Guest

    Thanks Steve. It works perfectly.

    Vic
    "Steve C. Orr [MVP, MCSD]" <> wrote in message
    news:...
    > change inline to attachment on the Response.Addheader line.
    > Like this:
    >

    Response.AddHeader("Content-Disposition","attachment;filename=myfile.doc");
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD, MVP
    > http://Steve.Orr.net
    > Hire top-notch developers at http://www.able-consulting.com
    >
    >
    >
    > "Vic" <> wrote in message
    > news:...
    > > Steve.
    > >
    > > Is there an easy way to simulate the Save As behavior with
    > > Response.WriteFile() ? I want user to prompted with the Save As dialog

    and
    > > the file to be downloaded to the specified location on user's PC,

    instead
    > of
    > > dumping it into the page.
    > >
    > > Thanks in advance.
    > >
    > > Vic
    > >
    > >
    > > "Steve C. Orr [MVP, MCSD]" <> wrote in message
    > > news:%...
    > > > I accomplished this in a recent project by putting other files in a

    > > private
    > > > directory.
    > > > Then when I needed to send one of the files to the user, I'd use
    > > > Response.WriteFile to grab the file from the private directory and

    > output
    > > it
    > > > to the user. Of couse the ASPNET user account needs read access to

    the
    > > > private directory.
    > > > I used code similar to this:
    > > > Response.Clear();
    > > >

    Response.AddHeader("Content-Disposition","inline;filename=myfile.doc");
    > > > Response.WriteFile("c:\privatedir\myfile.doc");
    > > >
    > > > --
    > > > I hope this helps,
    > > > Steve C. Orr, MCSD, MVP
    > > > http://Steve.Orr.net
    > > > Hire top-notch developers at http://www.able-consulting.com
    > > >
    > > >
    > > >
    > > >
    > > > "Vic" <> wrote in message
    > > > news:...
    > > > > I am trying to implement a forms-based authentication on my website,

    > so
    > > > some
    > > > > directories will have web.config file which will deny certain users,

    > > based
    > > > > on role, etc. The problem I encountered is that it's only asp.net

    > files
    > > > (or
    > > > > the files with the extension mapped to aspnet_isapi.dll) are the

    ones
    > > > being
    > > > > secured.
    > > > >
    > > > > The solution I found is to map all of the extension I'd keep in my

    > > secured
    > > > > directory to aspnet_isapi.dll.
    > > > >
    > > > > I am planning to map .htm, *.exe, and *.shtm files to be processed

    by
    > > > .NET.
    > > > > How is it going to affect the performance of the site? Is there

    > another
    > > > way
    > > > > of achieving the same thing?
    > > > >
    > > > > Thanks,
    > > > > Vic
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Vic, Nov 4, 2003
    #9
  10. Vic

    Vic Guest

    Thanks John.

    I read article -- it sure does make sense making those downloads a separate
    thread.

    Vic
    "John Saunders" <john.saunders at surfcontrol.com> wrote in message
    news:...
    > "Vic" <> wrote in message
    > news:...
    > > Thanks, John.
    > >
    > > I think it's not such a hot idea, since some of the files are more than
    > > 20MB...
    > >
    > > I'll probably use Steve's approach:
    > > Response.WriteFile("c:\privatedir\myfile.doc");
    > >
    > > Of course, this could also load the file in the memory first...

    >
    > Victor,
    >
    > In a similar case, I wrote a asynchronous HttpHandler (implementing
    > IHttpAsyncHandler) to handle product downloads from our site. I found the
    > following article very helpful in that:
    >
    > Use Threads and Build Asynchronous Handlers in Your Server-Side Web Code
    > (http://msdn.microsoft.com/msdnmag/issues/03/06/Threading/default.aspx).
    >
    > I hope that helps,
    > John
    >
    >
     
    Vic, Nov 4, 2003
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rob
    Replies:
    4
    Views:
    1,041
  2. Rob
    Replies:
    1
    Views:
    579
    Mike Moore [MSFT]
    Jan 5, 2004
  3. Eric
    Replies:
    2
    Views:
    1,526
    Tommy
    Feb 13, 2004
  4. Keltex
    Replies:
    1
    Views:
    419
    Dominick Baier [DevelopMentor]
    Jan 24, 2006
  5. Eric
    Replies:
    2
    Views:
    595
Loading...

Share This Page