Background:
My script is designed to only allow the downloading of a file if a
cookie exists to say that someone is logged into my companies site.
A colleague set up a test area the extension .EXE is associated with
the aspnet_isapi.dll. This means that if anyone tries to access a .EXE
file in this area, web.config is run and web.config contains the code:
<authentication mode="Forms">
<forms name="myCookie2" loginUrl="login.aspx" />
</authentication>
The upshot of all this is that no file can be downloaded without going
to login.aspx first, and it's aspx that determines if the cookie to
allow downloading exists.
Now, to my problem. In login.aspx I have a simple bit of code that
first checks to see if the cookie exists. If it does, then if checks to
specific key to see if "logged_in" is true. If that also is true then I
create a URL to the file, and want to redirect to it. This is where I'm
falling over:
============= CODE ===============
<%@ Page Language="C#" Debug="true" %>
<script runat="server">
void DoDownload(String sDownloadName) {
HttpCookie ComCookie = Request.Cookies["Communities"];
if (ComCookie == null) {
Response.Write("Trace 1");
//Response.Redirect("/communities/index.asp");
} else {
if (Request.Cookies["Communities"]["LoggedIn"] == "True") {
String sRedirectURL = "/_protectedFiles/"+sDownloadName;
Response.Redirect(sRedirectURL);
} else {
Response.Write("Trace 2");
//Response.Redirect("/communities/index.asp");
}
}
}
</script>
<html>
<body>
<%
String sFileName = Request.Form["filename"];
String bRequireLogin = Request.Form["login"];
if (bRequireLogin == "false") {
Response.Write("Go right to the file " + sFileName);
} else {
Response.Cookies["Communities"]["LoggedIn"] = "True";
DoDownload(sFileName);
}
%>
</body>
</html>
============= /CODE ===============
In the script above, everything seems to work just fine until the
redirect to sRedirectURL. if I do a Response.Write(sRedirectURL) then I
see what I would expect, e.g. "/_protectedFiles/filename.exe", but if I
stick with the Response.Redirect then the browser address bar only
shows "/_protectedFiles/" and not the actual file name.
is anyting wrong with how I'm creating the sRedirectURL variable, or
with how I'm doing the redirect?
Many thanks for any help