RE: file restriction - Forms authentication

From: Jim Cheshire [MSFT] (jamesche_at_online.microsoft.com)
Date: 06/01/04 

Date: Tue, 01 Jun 2004 19:45:36 GMT

Hi Ed,

Only those file types that are mapped in IIS to the aspnet_isapi.dll are
going to be processed by Forms authentication. You have a couple of
options when it comes to PDF files.

1. Have an ASPX page that authenticates and then streams the PDF to the
browser via Response.BinaryWrite.
2. Map the PDF file type to the aspnet_isapi.dll in IIS.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
jamesche@online.microsoft.com

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------
>Thread-Topic: file restriction - Forms authentication
>thread-index: AcRHRzUlZFxlqk6eRWu5C6EeDelK+Q==
>X-WN-Post: microsoft.public.dotnet.framework.aspnet
>From: "=?Utf-8?B?RWQ=?=" <anonymous@discussions.microsoft.com>
>Subject: file restriction - Forms authentication
>Date: Mon, 31 May 2004 12:41:03 -0700
>Lines: 9
>Message-ID: <86150CEC-421A-4B69-846B-5F5AE3F72D25@microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>Path: cpmsftngxa10.phx.gbl
>Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.aspnet:237315
>NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Hi,

I'm have an asp.NET project, and I'm using Forms authentication method. I
was wondering if there is a way to deny access to files that are not
.aspx...ie: Someone who tries to access somepage.aspx is prompted for a
username and password. However, if someone tries to access somefile.pdf,
he can do this without authentication.

Any Suggestions?

Thanks,

Ed
>

Relevant Pages

  • Re: File Types not protected by Forms Authentication
    ... suggests extensions for swf are not handled by the asp.net dll and need to ... Go to IIS setup and check the file types. ... > We have an ASP.NET web application that uses Forms Authentication and ... Are only certain file types protected for Forms ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: File Types not protected by Forms Authentication
    ... The reason is that IIS handles the requests for those files, not ASP.NET, ... > We have an ASP.NET web application that uses Forms Authentication and ... > All ASPX, HTML, and other web files are protected by security. ... Are only certain file types protected for Forms ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Deny access to htm files
    ... that a request for a .aspx file does. ... Because Forms Authentication is a .NET feature, ... You'll see a list of Application extensions, with mappings to specific ... for certain file types as well. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Deny access to a directory with web.config
    ... I think that adding the specific file types to the files managed ... by ASP.NET will turn the trick if you implement forms-based ... authentication to the directory. ... > DevelopMentor ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Restrict access to resources like .doc, .ppt etc in .net forms authentication application
    ... In IIS you can associate these file types with ASP.NET so they will be ... > We are developing a .NET app which has forms authentication. ... > user types in the direct URL of an aspx page on the browser, ... > be thrown to the login page. ...
    (microsoft.public.dotnet.framework.aspnet)