Re: Restrict access to resources like .doc, .ppt etc in .net forms authentication application

From: Steve C. Orr [MVP, MCSD] (Steve_at_Orr.net)
Date: 04/02/04 

Date: Fri, 2 Apr 2004 08:29:38 -0800

In IIS you can associate these file types with ASP.NET so they will be
managed by Forms Authentication.

Another technique is to store these files somewhere else, such as a database
or a secured directory.
Then you can take manual control of them and only dish them out when you
choose by using functions such as Response.WriteFile
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemwebhttpresponseclasswritefiletopic.asp 

-- 
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"Gaurav" <gaurav_kumar@infosys.com> wrote in message
news:a41c05d3.0404020711.11969cdc@posting.google.com...
> Hi,
>
> We are developing a .NET app which has forms authentication. When the
> user types in the direct URL of an aspx page on the browser, he will
> be thrown to the login page. But if the URL points to a .txt or .doc
> file, the document is displayed even though the user is not
> authenticated.
>
> How do we stop this such that the user has to login to the application
> and then view the documents.
>
> Thanks and Regards,
> Gaurav

Relevant Pages