Protect file with different extension from .aspx

[Alessandro Zucchi]

Hi,
I'm developing an asp.net application. I'm using form authentication.
All runs with page aspx, but when I try to connect to a protected file
diverse to an aspx (such as a PDF file) and I'm not authenticated , the
application download the file instead of redirect to the predefined login
page.
Anyone can help me ?

Best regards
alex

 

[Teemu Keiski]

Hi,

see this blog post

Protect PDF, DOC and other file types with Forms Authentication
http://dotnetjunkies.com/WebLog/richard.dudley/archive/2004/05/21/14215.aspx

 

[Juan Antonio Tubío]

Hello!

I have the same problem!! I already have tested the 'ISAPI ASP.NET
Filter Redirection' for .htm and .html files and it works fine!!

But what i can do for .pdf files? I want that user can read this files
directly in the internet explorer window without need to download them...

Any Idea?

Thank you in advance.

Best Regards,
Juan Antonio

gabe garza escribió:

 

[Juan Antonio Tubío]

I think that the best solution is a 'mixed authentication' between
'windows authentication' and 'forms authentication'. Setup 'Windows
Authentication' to protect a full folder (automatically for all file
types) and when the user try to access them, show a login form (can
check the user in a custom database) and 'internally' do a 'Windows
Login' with a Windows User.

But i don't know hot to do it..

gabe garza escribió:

 

[gabe garza]

Juan,

Technically the PDF file has to be sent to the client browser so matter
what, it's still "downloading" no matter how you look at it.

Just make sure to set the Content-Type and Content-Disposition properly in a
"getfile.aspx" or what every you named the aspx file.
The PDF file, if the client has installed Acrobat Reader, will display the
PDF in IE, Firefox, Safari, etc...
If a client hasn't installed Acrobat Reader then they'll get a "Open", "Save
As" dialog box.

Gabe

 

[Yahoo]

There are two main ways to accomplish this...

1) have asp.net protect the file
2) have windows ntsf protect the file

For 1).
You need to have IIS send the requested file to ASP.NET. To accomplish this
go into IIS application virtual directory->Home Directory->Mappings.
Edit/Add the .pdf to the asp.net frameworks executable path (see .aspx).
Uncheck check file exists. Now asp.net will now receive the request. From
here you might want to implement a httpHandler and stream the file out.

For 2).
Create a new role in windows called 'pdfer' or whatever. Set all prfs to be
read by this role (and sysem admin and so forth) but not iusr_xxx. When
doing form authentication, set the identity of this user to also include
this role.

Hope that helps
Joe

 

[Juan Antonio Tubio]

Hello:

The first option i think is the best, but i don't have developped
never a httpHandler, ¿you know any page with a sample?

For the second option, i think it's too a good solution but if the
user write in the browser directly the link for the pdf file, the
broser show a 'Windows Authentication' form, i don't know how to avoid
this!!

Thank you Joe, you have put me in the good way.