Re: Httphandler redirection to document -- GetCompiledPageInstance

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi Guys,

while both of your suggestions are appreciated, I was not actually asking
about my security model,
I was actally aking how to intercept a request for a document - do some work
on it - and then send it to the browser.
I will give you an example of why I don't want to use a file viewer or
stream the file.

Assume I have a document on the server called "martinsDocument.doc"
I am using forms authntication and the document is protected with forms
authentication, so I must authenticate through forms authentication
(FIRSTLY) to be able to see the document.

However, even through I can authenticate to the application (using forms
authentication) I am NOT authorized to view the file.
However because I can authenticate to the application forms authentication
alone will NOT stop me viewing the file, I can still type the URL of
"martinsDocument.doc" into the browser (eg
http://www.mydomain.com/martinsDocument.doc) authenticate (using forms
authentication) and I will be able to view the file.

But I do not want this senario to happen, which is why I am using a http
handler.
perhaps the security model is not great but thats another story and I have
to make it work.

so I do need my http handler to be able to intercept requests for the .doc
type and assuming the person is authroised to view the file then I would
like to send the entire file back to the browser, in exactly the manner as
if the handler had never intercepted the request.

If you can help, then please let me know.

cheers

martin.












<garethdjames@xxxxxxxxx> wrote in message
news:1118153348.393737.204180@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> You can't use GetCompiledPageInstance on a doc type, its reserved for
> aspx files.
>
> why not open a reader on the doc file and write it out to the http
> response stream
>


.

Relevant Pages

  • Re: HTTP - basic authentication example.
    ... or *never* knowing the realm..) ... This is called authentication and is implemented ... requests a web page it sends a request to the server. ... consists of headers with certain information about the request. ...
    (comp.lang.python)
  • Re: Each HTTP object being requested twice (401 then 200 responses)
    ... Authentication" and the web.config authentication setting is ... Authorized because the request was made anonymously. ... requests the same object a second time it uses kerberos; ... Kerberos tokens should not be regenerated for every request. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Each HTTP object being requested twice (401 then 200 responses)
    ... Authentication" and the web.config authentication setting is ... Authorized because the request was made anonymously. ... requests the same object a second time it uses kerberos; ... Kerberos tokens should not be regenerated for every request. ...
    (microsoft.public.inetserver.iis.security)
  • Re: HTTP_AUTHORIZATION header
    ... HTML file from one virtual directory, and then immediately execute a CGI from ... Authentication happens when I request the HTML ... header is not expected for every request for NTLM ...
    (microsoft.public.inetserver.iis.security)
  • Re: HTTP_AUTHORIZATION header
    ... I use WFetch to make a Basic authenticated POST request against my CGI EXE ... Nitpick on your stated understanding of authentication protocols - ... header is not expected for every request for NTLM ...
    (microsoft.public.inetserver.iis.security)