In IIS you can associate these file types with ASP.NET so they will be
managed by Forms Authentication.
Another technique is to store these files somewhere else, such as a database
or a secured directory.
Then you can take manual control of them and only dish them out when you
choose by using functions such as Response.WriteFile
http://msdn.microsoft.com/library/de...efiletopic.asp
--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"Gaurav" <ga**********@infosys.com> wrote in message
news:a4**************************@posting.google.c om...
Hi,
We are developing a .NET app which has forms authentication. When the
user types in the direct URL of an aspx page on the browser, he will
be thrown to the login page. But if the URL points to a .txt or .doc
file, the document is displayed even though the user is not
authenticated.
How do we stop this such that the user has to login to the application
and then view the documents.
Thanks and Regards,
Gaurav