Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Re: Forms authentication to protect non-aspx files?

Reply
Thread Tools

Re: Forms authentication to protect non-aspx files?

 
 
Peter Rilling
Guest
Posts: n/a
 
      06-07-2004
Yes and no.

All files processed by the aspnet_isapi.dll may be able to be protected in
that way. If you define that filetype as being processed by the above
filter, then theoretically you should be able to protect it this way. This
would only be able to be done for static files, you would not be able to
protect legacy ASP page this way because they are required to go through
their own engine.

Having said that, I do not know what side effects this might produce.

Another alternative would be to move all those files outside of your website
and to write some ASP.NET page that acts as a proxy and streams the content
to the browser. This page would definitely be protected by forms
authentication and the files would not be accessible if outside of the
website.


"Jim" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> Is there a way to use forms authentication to also deny access to someone

who has a direct link to a file which is not .aspx?
> i.e. Currently, someone can access a file at

http://www.website.com/info/file.pdf if they type in the url directly. Is
there a way to stop this?
>
> Thank you for your help.
>
> Jim



 
Reply With Quote
 
 
 
 
John Saunders
Guest
Posts: n/a
 
      06-07-2004
"Peter Rilling" <(E-Mail Removed)> wrote in message
news:eUdE%(E-Mail Removed)...
> Yes and no.
>
> All files processed by the aspnet_isapi.dll may be able to be protected in
> that way. If you define that filetype as being processed by the above
> filter, then theoretically you should be able to protect it this way.

This
> would only be able to be done for static files, you would not be able to
> protect legacy ASP page this way because they are required to go through
> their own engine.
>
> Having said that, I do not know what side effects this might produce.


The only "side effects" come into play when you're processing very large
files. The files are read into memory completely before being sent to the
client, so if you've got a 50Mb file, you can have problems.

There should be no problem at all for a normal .pdf file.

--
John Saunders
johnwsaundersiii at hotmail


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Best practices for using forms authentication and security in a hosted env (was: Re: Using a Forms authentication in a shared hosting environment) JEFF ASP .Net 1 11-12-2007 07:00 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
How do I protect my login page from prying eyes (forms authentication)? Alan Silver ASP .Net 7 01-03-2006 09:18 PM
Password protect/Forms authentication method sunniyeow@gmail.com ASP .Net 4 09-14-2005 08:05 PM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM



Advertisments