members-only access to all files in a directory

J

Jos

I want to create a "member zone" with restricted access to registered
members only.

I already succeeded to restrict access to ASPX files in a particular
directory using ASP.NET security.
I use Forms authentication and the <location> tag in web.config.

Is it possible with ASP.NET to apply the same restriction to all files (with
extension HTM, HTML, JPG, etc...) within a given directory?
 
C

Chris Jackson

You wouldn't do that with your web.config settings. Why? Because web.config
is read by the ASP.NET runtime, which is invoked depending on the file
extension. You could remap the other file extensions to the ASP.NET handler
(I honestly don't know what the outcome of this would be, but it is worth a
shot?) so they pick up the security - the only thing that might go wrong is
that the handler might not know what to do with these files. If you are
using Windows Authentication, you can just set this up using NTFS
permissions and not worry about that.
 
R

richlm

Yes - you can map other extensions (you can even specify .*) in the web site mappings
You could then write a HttpHandler that will intercept all requests and implement your access control logic
 
C

Chris Jackson

Yes - you can map other extensions (you can even specify .*) in the web
site mappings.
You could then write a HttpHandler that will intercept all requests and
implement your access control logic.
Click to expand...

But will it handle file types like html and jpg without writing such a
handler, just by passing them through? Or will this person need to implement
a handler to do this passthrough?
 
R

richlm

It passes through OK with no additional programming effort for static
files - i.e. ones with IE understands - jpg, txt, htm, .... (but not .asp)
So you should NOT need a HttpHandler (or a HttpModule) to do the
passthrough.

BUT I am not sure that the ASP.NET security checks (defined in web.config)
are made in all cases - e.g. it looks like .jpg are covered, but for .htm
you still get the page even if you should be denied access (on XP). So you
would perhaps still need a HttpHandler/Module to pre-process the request and
decide whether or not to pass it on or reject it.

Richard.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

I need help in understanding these files on my phone, Could someone help me understand these files? Urgent help needed. Please help. 1
How to only get a list of the names of the non-directory files incurrent directory ('.')? 8
Deny web access to a directory? 0
Securing a directory and its files with forms authentication 1
.py and .pyc files in read-only directory 3
Deny web access to a directory? 0
Preventing access to all file types in a directory using ASP.NET 2
Restricting access to sub folders and files. 1

Members online

No members online now.
Total: 24 (members: 0, guests: 24)
Robots: 118

Forum statistics

Threads
473,772
Messages
2,569,593
Members
45,111
Latest member
KetoBurn

Latest Threads

Top