Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Forms authentication and downloading files

Reply
Thread Tools

Forms authentication and downloading files

 
 
Michael Tissington
Guest
Posts: n/a
 
      10-09-2003
How can I use Forms Authentication to give clients access to download
specific exe files?

Thanks.

--
Michael Tissington
http://www.oaklodge.com



 
Reply With Quote
 
 
 
 
Lauchlan M
Guest
Posts: n/a
 
      10-09-2003
> How can I use Forms Authentication to give clients access to download
> specific exe files?
>
> Thanks.


I answered this in your other thread.

Lauchlan M


 
Reply With Quote
 
 
 
 
Michael Tissington
Guest
Posts: n/a
 
      10-09-2003
Well it does not quite work ... of course I maybe doing something wrong

Before I add the mapping ASP.NET security does nothing and I can download
the file.
After I add the mapping then the Forms Authentication works. HOWEVER the
file is NOT downloaded, I simply get a blank page ...

Any ideas please.

--
Michael Tissington
http://www.oaklodge.com


"Lauchlan M" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> > How can I use Forms Authentication to give clients access to download
> > specific exe files?
> >
> > Thanks.

>
> I answered this in your other thread.
>
> Lauchlan M
>
>



 
Reply With Quote
 
Lauchlan M
Guest
Posts: n/a
 
      10-10-2003
> Before I add the mapping ASP.NET security does nothing and I can download
> the file.
> After I add the mapping then the Forms Authentication works. HOWEVER the
> file is NOT downloaded, I simply get a blank page ...


Well, that's working then! <g>

What do you want it to do? You don't want it to go the requested resource,
because they don't have permission for it. I don't want to spend the time
looking this up for you, but I expect you would have to generate/handle some
sort of error code (like 404 page not found, but something custom) and
provide a page to tell the user they did not have access to that page. Or
you log them out, or redirect them to the home page, or whatever you want to
do.

Maybe you might want to ask on one of the MS IIS newgroups as well, since it
is much an IIS question as an ASP.NET one.

FWIW, I handle this in one of the globa.asax methods (ie before the page is
loaded), and if they are trying to access a resource they don't have
permissions for, I log them out and bounce them back to the login page, with
a message telling them they were getting out of line (not in those words of
course . . .).

HTH

Lauchlan M


 
Reply With Quote
 
Michael Tissington
Guest
Posts: n/a
 
      10-10-2003
I think I might not have been clear ....

After I have done the mapping then the exe file is only available after they
have logged in. However I want them to be able to download the EXE and
instead all they get is a blank page ...

--
Michael Tissington
http://www.tabtag.com
http://www.oaklodge.com


"Lauchlan M" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> > Before I add the mapping ASP.NET security does nothing and I can

download
> > the file.
> > After I add the mapping then the Forms Authentication works. HOWEVER the
> > file is NOT downloaded, I simply get a blank page ...

>
> Well, that's working then! <g>
>
> What do you want it to do? You don't want it to go the requested resource,
> because they don't have permission for it. I don't want to spend the time
> looking this up for you, but I expect you would have to generate/handle

some
> sort of error code (like 404 page not found, but something custom) and
> provide a page to tell the user they did not have access to that page. Or
> you log them out, or redirect them to the home page, or whatever you want

to
> do.
>
> Maybe you might want to ask on one of the MS IIS newgroups as well, since

it
> is much an IIS question as an ASP.NET one.
>
> FWIW, I handle this in one of the globa.asax methods (ie before the page

is
> loaded), and if they are trying to access a resource they don't have
> permissions for, I log them out and bounce them back to the login page,

with
> a message telling them they were getting out of line (not in those words

of
> course . . .).
>
> HTH
>
> Lauchlan M
>
>



 
Reply With Quote
 
Lauchlan M
Guest
Posts: n/a
 
      10-10-2003

> I think I might not have been clear ....
>
> After I have done the mapping then the exe file is only available after

they
> have logged in. However I want them to be able to download the EXE and
> instead all they get is a blank page ...


I don't know. Try on the IIS group, since this mapping stuff is IIS related.
Or maybe someone else will chip in.

Good luck

Lauchlan M


 
Reply With Quote
 
MSFT
Guest
Posts: n/a
 
      10-10-2003
Hi Michael,

I test following steps on windows server 2003 (IIS 6.0) and they seems to
be able to resolve the problem.

In IIS Manager, right click the virtual folder and select
"Properties/Directory". Click "Configration" button, and then add an
application extension:

executable: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspne t_isapi.dll

extension .exe

restart IIS. When I input following link in IE:

Http://localhost/webapplication1/cc.exe

It will first redirct to the login form and then pop up the download
dialog. ("webApplication1" has been set with Form Authentication)

Hope this help,

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
Michael Tissington
Guest
Posts: n/a
 
      10-10-2003
Luke,

When I do this and I click on my 'exe' link I do get my forms authentication
page but then I get a blank page, the download of the exe does not happen.

--
Michael Tissington
http://www.tabtag.com
http://www.oaklodge.com


"MSFT" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Michael,
>
> I test following steps on windows server 2003 (IIS 6.0) and they seems to
> be able to resolve the problem.
>
> In IIS Manager, right click the virtual folder and select
> "Properties/Directory". Click "Configration" button, and then add an
> application extension:
>
> executable: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspne t_isapi.dll
>
> extension .exe
>
> restart IIS. When I input following link in IE:
>
> Http://localhost/webapplication1/cc.exe
>
> It will first redirct to the login form and then pop up the download
> dialog. ("webApplication1" has been set with Form Authentication)
>
> Hope this help,
>
> Luke
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>



 
Reply With Quote
 
MSFT
Guest
Posts: n/a
 
      10-11-2003
Hi Michael,

If it is not form authentication, what will happen? And your framework and
IIS version?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
Michael Tissington
Guest
Posts: n/a
 
      10-11-2003
If I don't use any authentication then when I click on the link I can
download the exe.
With forms authentication, after being authenticated I get a blank page.

This is running on Windows 2003 (so I assume IIS 6 with the latest
Framework)

--
Michael Tissington
http://www.tabtag.com
http://www.oaklodge.com


"MSFT" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Michael,
>
> If it is not form authentication, what will happen? And your framework and
> IIS version?
>
> Luke
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Best practices for using forms authentication and security in a hosted env (was: Re: Using a Forms authentication in a shared hosting environment) JEFF ASP .Net 1 11-12-2007 07:00 PM
Forms authentication, downloading files and Web Dialogs Iain ASP .Net Security 1 07-24-2007 05:08 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
Accessing htm files without authentication (forms authentication) Kamil P ASP .Net Security 1 11-10-2004 03:44 PM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM



Advertisments