In IIS you can associate these file types with ASP.NET so they will be
managed by Forms Authentication.
Another technique is to store these files somewhere else, such as a database
or a secured directory.
Then you can take manual control of them and only dish them out when you
choose by using functions such as Response.WriteFile
http://msdn.microsoft.com/library/de...efiletopic.asp
--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"Gaurav" <gaurav_kumar@infosys.com> wrote in message
news:a41c05d3.0404020711.11969cdc@posting.google.c om...[color=blue]
> Hi,
>
> We are developing a .NET app which has forms authentication. When the
> user types in the direct URL of an aspx page on the browser, he will
> be thrown to the login page. But if the URL points to a .txt or .doc
> file, the document is displayed even though the user is not
> authenticated.
>
> How do we stop this such that the user has to login to the application
> and then view the documents.
>
> Thanks and Regards,
> Gaurav[/color]
