Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Forms authentication doesn't work for downloads

Reply
Thread Tools

Forms authentication doesn't work for downloads

 
 
Peter Afonin
Guest
Posts: n/a
 
      11-23-2004
Hello,

I'm using Forms authentication, and it works well. If user is not
authenticated, he is routed to the login page.

However, this doesn't work for downloads. If I have a file located in the
restricted area and put a direct link to it - anyone can download it.

Why is this? I expected that people would also be routed to the login
screen. How to make this happen?

I would appreciate your help.

Thank you,

--
Peter Afonin


 
Reply With Quote
 
 
 
 
John Timney \(ASP.NET MVP\)
Guest
Posts: n/a
 
      11-23-2004
Forms authentication is handled by the framework - thus you likely need to
pass that type of file through the asp.net handler by mapping it in IIS...

--
Regards

John Timney
ASP.NET MVP
Microsoft Regional Director

"Peter Afonin" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hello,
>
> I'm using Forms authentication, and it works well. If user is not
> authenticated, he is routed to the login page.
>
> However, this doesn't work for downloads. If I have a file located in the
> restricted area and put a direct link to it - anyone can download it.
>
> Why is this? I expected that people would also be routed to the login
> screen. How to make this happen?
>
> I would appreciate your help.
>
> Thank you,
>
> --
> Peter Afonin
>
>



 
Reply With Quote
 
 
 
 
Teemu Keiski
Guest
Posts: n/a
 
      11-23-2004
Forms Auth works only for those pages/file/resources which are processed by
ASP.NET by default. That is aspx,asmx, config and such. You can tweak that
in IIS (See Applications configuration for different file extensions like
where aspx is mapped to aspnet_isapi.dll) by having the custom file
extension mapped for aspnet_isapi.dll

See this blog post for detailed explanations:

Protect PDF, DOC and other file types with Forms Authentication
http://dotnetjunkies.com/WebLog/rich.../21/14215.aspx

--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsider
ASP.NET Forum Moderator, AspAlliance Columnist
http://blogs.aspadvice.com/joteke



"Peter Afonin" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hello,
>
> I'm using Forms authentication, and it works well. If user is not
> authenticated, he is routed to the login page.Protect PDF, DOC and other

file types with Forms Authentication
>
> However, this doesn't work for downloads. If I have a file located in the
> restricted area and put a direct link to it - anyone can download it.
>
> Why is this? I expected that people would also be routed to the login
> screen. How to make this happen?
>
> I would appreciate your help.
>
> Thank you,
>
> --
> Peter Afonin
>
>



 
Reply With Quote
 
Peter Afonin
Guest
Posts: n/a
 
      11-23-2004
Thank you very much for your explanations!

Peter

"Teemu Keiski" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Forms Auth works only for those pages/file/resources which are processed

by
> ASP.NET by default. That is aspx,asmx, config and such. You can tweak that
> in IIS (See Applications configuration for different file extensions like
> where aspx is mapped to aspnet_isapi.dll) by having the custom file
> extension mapped for aspnet_isapi.dll
>
> See this blog post for detailed explanations:
>
> Protect PDF, DOC and other file types with Forms Authentication
>

http://dotnetjunkies.com/WebLog/rich.../21/14215.aspx
>
> --
> Teemu Keiski
> MCP, Microsoft MVP (ASP.NET), AspInsider
> ASP.NET Forum Moderator, AspAlliance Columnist
> http://blogs.aspadvice.com/joteke
>
>
>
> "Peter Afonin" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > Hello,
> >
> > I'm using Forms authentication, and it works well. If user is not
> > authenticated, he is routed to the login page.Protect PDF, DOC and other

> file types with Forms Authentication
> >
> > However, this doesn't work for downloads. If I have a file located in

the
> > restricted area and put a direct link to it - anyone can download it.
> >
> > Why is this? I expected that people would also be routed to the login
> > screen. How to make this happen?
> >
> > I would appreciate your help.
> >
> > Thank you,
> >
> > --
> > Peter Afonin
> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Best practices for using forms authentication and security in a hosted env (was: Re: Using a Forms authentication in a shared hosting environment) JEFF ASP .Net 1 11-12-2007 07:00 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
Forms authentication - Multiple login forms based on directory acc Keltex ASP .Net Security 1 01-24-2006 03:06 PM
Forms authentication doesn't work for downloads Peter Afonin ASP .Net 3 11-23-2004 09:03 PM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM



Advertisments