473,473 Members | 1,513 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

Forms authentication doesn't work for downloads

Hello,

I'm using Forms authentication, and it works well. If user is not
authenticated, he is routed to the login page.

However, this doesn't work for downloads. If I have a file located in the
restricted area and put a direct link to it - anyone can download it.

Why is this? I expected that people would also be routed to the login
screen. How to make this happen?

I would appreciate your help.

Thank you,

--
Peter Afonin
Nov 18 '05 #1
3 1122
Forms Auth works only for those pages/file/resources which are processed by
ASP.NET by default. That is aspx,asmx, config and such. You can tweak that
in IIS (See Applications configuration for different file extensions like
where aspx is mapped to aspnet_isapi.dll) by having the custom file
extension mapped for aspnet_isapi.dll

See this blog post for detailed explanations:

Protect PDF, DOC and other file types with Forms Authentication
http://dotnetjunkies.com/WebLog/rich.../21/14215.aspx

--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsider
ASP.NET Forum Moderator, AspAlliance Columnist
http://blogs.aspadvice.com/joteke

"Peter Afonin" <pv*@speakeasy.net> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Hello,

I'm using Forms authentication, and it works well. If user is not
authenticated, he is routed to the login page.Protect PDF, DOC and other file types with Forms Authentication
However, this doesn't work for downloads. If I have a file located in the
restricted area and put a direct link to it - anyone can download it.

Why is this? I expected that people would also be routed to the login
screen. How to make this happen?

I would appreciate your help.

Thank you,

--
Peter Afonin

Nov 18 '05 #2
Forms authentication is handled by the framework - thus you likely need to
pass that type of file through the asp.net handler by mapping it in IIS...

--
Regards

John Timney
ASP.NET MVP
Microsoft Regional Director

"Peter Afonin" <pv*@speakeasy.net> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Hello,

I'm using Forms authentication, and it works well. If user is not
authenticated, he is routed to the login page.

However, this doesn't work for downloads. If I have a file located in the
restricted area and put a direct link to it - anyone can download it.

Why is this? I expected that people would also be routed to the login
screen. How to make this happen?

I would appreciate your help.

Thank you,

--
Peter Afonin

Nov 18 '05 #3
Thank you very much for your explanations!

Peter

"Teemu Keiski" <jo****@aspalliance.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Forms Auth works only for those pages/file/resources which are processed by ASP.NET by default. That is aspx,asmx, config and such. You can tweak that
in IIS (See Applications configuration for different file extensions like
where aspx is mapped to aspnet_isapi.dll) by having the custom file
extension mapped for aspnet_isapi.dll

See this blog post for detailed explanations:

Protect PDF, DOC and other file types with Forms Authentication
http://dotnetjunkies.com/WebLog/rich.../21/14215.aspx
--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsider
ASP.NET Forum Moderator, AspAlliance Columnist
http://blogs.aspadvice.com/joteke

"Peter Afonin" <pv*@speakeasy.net> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Hello,

I'm using Forms authentication, and it works well. If user is not
authenticated, he is routed to the login page.Protect PDF, DOC and other

file types with Forms Authentication

However, this doesn't work for downloads. If I have a file located in the restricted area and put a direct link to it - anyone can download it.

Why is this? I expected that people would also be routed to the login
screen. How to make this happen?

I would appreciate your help.

Thank you,

--
Peter Afonin


Nov 18 '05 #4
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
0
Forms Authentication timeout doesn't work
by: Mark MacRae | last post by:
I am trying to do some testing of my application with respect to timeouts (i.e. Session timeouts). I took the advice of somebody else in this newsgroup (I think) and set my forms authentication...
Latest Bytes
11
Forms Authentication Problem
by: ElmoWatson | last post by:
I tried on the Security newgroup, as well as other places, and haven't gotten an answer yet - - I'm pulling my hair out over this one. I'm trying to get Forms Authentication working.....I can get...
Latest Bytes
0
ASP.NET Forms Authentication Best Practices
by: Anonieko Ramos | last post by:
ASP.NET Forms Authentication Best Practices Dr. Dobb's Journal February 2004 Protecting user information is critical By Douglas Reilly Douglas is the author of Designing Microsoft ASP.NET...
Latest Bytes
4
Excel Documents & Forms Authentication
by: Lewis Edward Moten III | last post by:
I have a file that users can download through a web page protected by forms authentication: Download.aspx?ID=45 and within that file ... FileInfo fileToDownload = new FileInfo(fileName);
Latest Bytes
0
Freetextbox and Forms Authentication
by: hans.bonefaas | last post by:
Hi, Anybody experience with Freetextbox and Forms Authentication? My Freetextbox works when I add the following to the web.config file: <pages pageBaseType="System.Web.UI.Page" />...
Latest Bytes
5
Forms Authentication with 2 different apps, same login.aspx
by: djhexx | last post by:
Hi. We have an asp.net intranet application written in VB that uses forms authentication for all it's pages. I have a C# asp.net application that I just wrote. The company would like the C#...
Latest Bytes
1
Forms authentication - restricting certain pages
by: Paul Aspinall | last post by:
Hi I want to have most of my website available to users without any authentication (ie. they can freely browse). However, if they go to a restricted part, they should be redirected to a login...
Latest Bytes
4
Forms Authentication
by: =?Utf-8?B?R3V1czEyMw==?= | last post by:
Hi, I created a web site on a remote server. To logon the user must enter a user id and password. The site is uses Forms Authentication. The web config file looks as follows: ...
Latest Bytes
5
Forms Authentication vs MembershipProvider
by: Rory Becker | last post by:
Having now created a Custom MembershipProvider that seems to work correctly with my Logon and ChangePassword controls, I am, as they say, a happy bunny. The next stange is to move on to the...
Latest Bytes
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Latest Bytes
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
Latest Bytes
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Latest Bytes
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Latest Bytes
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
Latest Bytes
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
Latest Bytes
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Latest Bytes
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Latest Bytes
0
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
Latest Bytes

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us