Impersonation and clicking links
- From: "Chris Herbert" <ok@xxxxxxxx>
- Date: Thu, 24 May 2007 10:46:28 -0400
Hi,
I have a web page (site.com\page1.asp) which contains a link to a document
on the same server (site.com\Restricted\doc1.pdf). I want to ensure that the
only way people can access the file is by clicking the link, and not by
pasting the URL into the browser. My idea was to use impersonation on
page1.asp and to restrict the folder "Restricted" to only allow access to
the user I define in the web.config file.
My problem is that I need anyone to be able to see page1.asp, and therefore
allowed anonymous access to it. I stuck a couple of labels on page1.asp just
to see what's going on, and I see that the User.Identity is null, and that
the Principal.WindowsIdentity is "SERVER\username" as specified in my
web.config.
When I click the link on the page, I still get prompted for a username and
password to access doc1.pdf. I am guessing this is because User.Identity is
null, but if that is the case, what is the point of impersonation? If I put
in the username and password I can access doc1.pdf, so I know it's not a
permissions issue.
If anyone could offer me some insight I would appreciate it.
Thanks
.
- Follow-Ups:
- Re: Impersonation and clicking links
- From: bruce barker
- Re: Impersonation and clicking links
- Prev by Date: Dropping a control on a webform and AJAX Update panel resize question
- Next by Date: Re: Impersonation and clicking links
- Previous by thread: Dropping a control on a webform and AJAX Update panel resize question
- Next by thread: Re: Impersonation and clicking links
- Index(es):
Relevant Pages
|
