«

Yes and no.

All files processed by the aspnet_isapi.dll may be able to be protected in
that way. If you define that filetype as being processed by the above
filter, then theoretically you should be able to protect it this way. This
would only be able to be done for static files, you would not be able to
protect legacy ASP page this way because they are required to go through
their own engine.

Having said that, I do not know what side effects this might produce.

Another alternative would be to move all those files outside of your website
and to write some ASP.NET page that acts as a proxy and streams the content
to the browser. This page would definitely be protected by forms
authentication and the files would not be accessible if outside of the
website.


"Jim" <> wrote in message
news:E62C685F-8E27-46AB-966D-...
> Hi,
>
> Is there a way to use forms authentication to also deny access to someone
who has a direct link to a file which is not .aspx?
> i.e. Currently, someone can access a file at
http://www.website.com/info/file.pdf if they type in the url directly. Is
there a way to stop this?
>
> Thank you for your help.
>
> Jim

"Peter Rilling" <> wrote in message
news:eUdE%...
> Yes and no.
>
> All files processed by the aspnet_isapi.dll may be able to be protected in
> that way. If you define that filetype as being processed by the above
> filter, then theoretically you should be able to protect it this way.
This
> would only be able to be done for static files, you would not be able to
> protect legacy ASP page this way because they are required to go through
> their own engine.
>
> Having said that, I do not know what side effects this might produce.

The only "side effects" come into play when you're processing very large
files. The files are read into memory completely before being sent to the
client, so if you've got a 50Mb file, you can have problems.

There should be no problem at all for a normal .pdf file.

--
John Saunders
johnwsaundersiii at hotmail