M
Michael Tissington
How can I use Forms Authentication to give clients access to download
specific exe files?
Thanks.
specific exe files?
Thanks.
L
Lauchlan M
How can I use Forms Authentication to give clients access to download
I answered this in your other thread.
Lauchlan M
I answered this in your other thread.
Lauchlan M
M
Michael Tissington
Well it does not quite work ... of course I maybe doing something wrong 
Before I add the mapping ASP.NET security does nothing and I can download
the file.
After I add the mapping then the Forms Authentication works. HOWEVER the
file is NOT downloaded, I simply get a blank page ...
Any ideas please.
Before I add the mapping ASP.NET security does nothing and I can download
the file.
After I add the mapping then the Forms Authentication works. HOWEVER the
file is NOT downloaded, I simply get a blank page ...
Any ideas please.
L
Lauchlan M
Before I add the mapping ASP.NET security does nothing and I can download
Well, that's working then! <g>
What do you want it to do? You don't want it to go the requested resource,
because they don't have permission for it. I don't want to spend the time
looking this up for you, but I expect you would have to generate/handle some
sort of error code (like 404 page not found, but something custom) and
provide a page to tell the user they did not have access to that page. Or
you log them out, or redirect them to the home page, or whatever you want to
do.
Maybe you might want to ask on one of the MS IIS newgroups as well, since it
is much an IIS question as an ASP.NET one.
FWIW, I handle this in one of the globa.asax methods (ie before the page is
loaded), and if they are trying to access a resource they don't have
permissions for, I log them out and bounce them back to the login page, with
a message telling them they were getting out of line (not in those words of
course . . .).
HTH
Lauchlan M
Well, that's working then! <g>
What do you want it to do? You don't want it to go the requested resource,
because they don't have permission for it. I don't want to spend the time
looking this up for you, but I expect you would have to generate/handle some
sort of error code (like 404 page not found, but something custom) and
provide a page to tell the user they did not have access to that page. Or
you log them out, or redirect them to the home page, or whatever you want to
do.
Maybe you might want to ask on one of the MS IIS newgroups as well, since it
is much an IIS question as an ASP.NET one.
FWIW, I handle this in one of the globa.asax methods (ie before the page is
loaded), and if they are trying to access a resource they don't have
permissions for, I log them out and bounce them back to the login page, with
a message telling them they were getting out of line (not in those words of
course . . .).
HTH
Lauchlan M
M
Michael Tissington
I think I might not have been clear ....
After I have done the mapping then the exe file is only available after they
have logged in. However I want them to be able to download the EXE and
instead all they get is a blank page ...
After I have done the mapping then the exe file is only available after they
have logged in. However I want them to be able to download the EXE and
instead all they get is a blank page ...
L
Lauchlan M
I don't know. Try on the IIS group, since this mapping stuff is IIS related.
Or maybe someone else will chip in.
Good luck
Lauchlan M
M
MSFT
Hi Michael,
I test following steps on windows server 2003 (IIS 6.0) and they seems to
be able to resolve the problem.
In IIS Manager, right click the virtual folder and select
"Properties/Directory". Click "Configration" button, and then add an
application extension:
executable: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
extension .exe
restart IIS. When I input following link in IE:
Http://localhost/webapplication1/cc.exe
It will first redirct to the login form and then pop up the download
dialog. ("webApplication1" has been set with Form Authentication)
Hope this help,
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
I test following steps on windows server 2003 (IIS 6.0) and they seems to
be able to resolve the problem.
In IIS Manager, right click the virtual folder and select
"Properties/Directory". Click "Configration" button, and then add an
application extension:
executable: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
extension .exe
restart IIS. When I input following link in IE:
Http://localhost/webapplication1/cc.exe
It will first redirct to the login form and then pop up the download
dialog. ("webApplication1" has been set with Form Authentication)
Hope this help,
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
M
Michael Tissington
Luke,
When I do this and I click on my 'exe' link I do get my forms authentication
page but then I get a blank page, the download of the exe does not happen.
When I do this and I click on my 'exe' link I do get my forms authentication
page but then I get a blank page, the download of the exe does not happen.
M
MSFT
Hi Michael,
If it is not form authentication, what will happen? And your framework and
IIS version?
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
If it is not form authentication, what will happen? And your framework and
IIS version?
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
M
Michael Tissington
If I don't use any authentication then when I click on the link I can
download the exe.
With forms authentication, after being authenticated I get a blank page.
This is running on Windows 2003 (so I assume IIS 6 with the latest
Framework)
download the exe.
With forms authentication, after being authenticated I get a blank page.
This is running on Windows 2003 (so I assume IIS 6 with the latest
Framework)
M
MSFT
Hi Michael,
If you create a new virtual folder and test again, will this work? I test
this on two computers: windows 2000 and 2003, both of work fine. Therefore,
I suspect if this is related to the configrations on your IIS or web
application, we may try a little more to ensure this. Additionally, when
opeing the login page, is redirect link correct in IE's adrress bar?
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
If you create a new virtual folder and test again, will this work? I test
this on two computers: windows 2000 and 2003, both of work fine. Therefore,
I suspect if this is related to the configrations on your IIS or web
application, we may try a little more to ensure this. Additionally, when
opeing the login page, is redirect link correct in IE's adrress bar?
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
M
Michael Tissington
Hello,
I have created a new virtual folder (before I was trying a real folder).
Now I can not get past my authentication form - it just keeps in a loop.
In the IE address bar the redirect link is correct.
In addition it seems that its is trying to run my exe on the server that its
trying to download - if I don't give the directory Execute permission then
when I try to view the page I get an error saying that I'm trying to run a
CGI or EXE ....
So why is it trying to run it instead of download it ?
I have created a new virtual folder (before I was trying a real folder).
Now I can not get past my authentication form - it just keeps in a loop.
In the IE address bar the redirect link is correct.
In addition it seems that its is trying to run my exe on the server that its
trying to download - if I don't give the directory Execute permission then
when I try to view the page I get an error saying that I'm trying to run a
CGI or EXE ....
So why is it trying to run it instead of download it ?
M
MSFT
Hi Michael,
I'm thinking that the following config file might help:
<!-- web.config -->
<configuration>
<system.web>
<httpHandlers>
<add verb="*" path="*.exe" type="System.Web.StaticFileHandler"/>
</httpHandlers>
</system.web>
</configuration>
The StaticFileHandler returns the contents of the document and it may solve
this problem. You may also check you machine.config and web.config, to see
if there are some httphandler added before.
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
I'm thinking that the following config file might help:
<!-- web.config -->
<configuration>
<system.web>
<httpHandlers>
<add verb="*" path="*.exe" type="System.Web.StaticFileHandler"/>
</httpHandlers>
</system.web>
</configuration>
The StaticFileHandler returns the contents of the document and it may solve
this problem. You may also check you machine.config and web.config, to see
if there are some httphandler added before.
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
M
Michael Tissington
Thanks!
M
Michael Tissington
Luk,
OK, I can get it working if I do NOT use a virtual directory in IIS.
If I create a virtual directory then I can never get past the Forms
Authentication page.
It authenticates and then displays they logon page again and again ...
Any idea what would be causing this?
OK, I can get it working if I do NOT use a virtual directory in IIS.
If I create a virtual directory then I can never get past the Forms
Authentication page.
It authenticates and then displays they logon page again and again ...
Any idea what would be causing this?
M
MSFT
Hi Michael,
If we didn't create a virtual folder, it also wouldn't cause the form
authentication. You can try to add the handler suggested in my previous
post, to see if it will hep. Addtionally, you may try to download a .dat
file (also add application extension for .data in IIS) to see if it will
generate same problem.
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
If we didn't create a virtual folder, it also wouldn't cause the form
authentication. You can try to add the handler suggested in my previous
post, to see if it will hep. Addtionally, you may try to download a .dat
file (also add application extension for .data in IIS) to see if it will
generate same problem.
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)