By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,823 Members | 730 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,823 IT Pros & Developers. It's quick & easy.

file restriction - Forms authentication

P: n/a
Ed
Hi,

I'm have an asp.NET project, and I'm using Forms authentication method. I was wondering if there is a way to deny access to files that are not .aspx...ie: Someone who tries to access somepage.aspx is prompted for a username and password. However, if someone tries to access somefile.pdf, he can do this without authentication.

Any Suggestions?

Thanks,

Ed
Nov 18 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Hi Ed,

Only those file types that are mapped in IIS to the aspnet_isapi.dll are
going to be processed by Forms authentication. You have a couple of
options when it comes to PDF files.

1. Have an ASPX page that authenticates and then streams the PDF to the
browser via Response.BinaryWrite.
2. Map the PDF file type to the aspnet_isapi.dll in IIS.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------
Thread-Topic: file restriction - Forms authentication
thread-index: AcRHRzUlZFxlqk6eRWu5C6EeDelK+Q==
X-WN-Post: microsoft.public.dotnet.framework.aspnet
From: "=?Utf-8?B?RWQ=?=" <an*******@discussions.microsoft.com>
Subject: file restriction - Forms authentication
Date: Mon, 31 May 2004 12:41:03 -0700
Lines: 9
Message-ID: <86**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa10.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.aspnet:237315
NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Hi,
I'm have an asp.NET project, and I'm using Forms authentication method. I
was wondering if there is a way to deny access to files that are not
..aspx...ie: Someone who tries to access somepage.aspx is prompted for a
username and password. However, if someone tries to access somefile.pdf,
he can do this without authentication.

Any Suggestions?

Thanks,

Ed


Nov 18 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.