.NET Forms Authentication: How to limit access to

Posted 2019-07-03 06:21

I am using .net2.0 and IIS6.

When using .net Forms Authentication: How to limit access to resources like pdf files to authenticated users only; so in order to access a file, say mysite.com/mydoc.pdf, they would have to be authenticated first (go through the login page).

It seems that by default only the .aspx pages are protected. E.g. to include the .html, I had to follow the steps described here.

EDIT

Thanks guys for very quick replies, the answer by Keltex worked perfectly for me as I needed a quick fix for a demo system.

Other answers are very interesting as well and they will be useful when dealing with the production system.

You are more than welcome to post other answers.

4 answers
Anthone
#2 · 2019-07-03 06:31

Create an httphandler which checks the authenticated user before streaming the document out to the browser. Then you can set the link on the page to point at the handler with a document id instead of the file directly.

Once this is done the document can be stored near enough anywhere you choose, being the file system or database or even encoded into an xml file if you want. This is useful for when you want to move storage location but don't want to have to update all the links in the web application.

Useful links: http://msdn.microsoft.com/en-us/library/system.web.ihttphandler

等我变得足够好
#3 · 2019-07-03 06:32

You have to configure IIS to process wildcard extensions. Thus .pdf & .html extensions will be authenticated. Here's how for IIS6:

http://professionalaspnet.com/archive/2007/07/27/Configure-IIS-for-Wildcard-Extensions-in-ASP.NET.aspx

一夜七次
#4 · 2019-07-03 06:34

Do you have anonymous access turned off? If you just have Integrated Windows auth, it should block all access if you set up your web config with these settings

女痞
#5 · 2019-07-03 06:38

You could store the files in a directory that is not accessible directly via the web, and then the users have to visit an ASPX page with an ID pointing to the file they need to download. At that point, you stream the file out to them.
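
The handler approach from answer #2 combined with the off-web-root storage from answer #5, as an added example that is not part of the original thread. The class name, the `D:\ProtectedDocs` storage path, the `id` query parameter and the in-memory catalogue are assumptions made for illustration; it uses only .NET 2.0 APIs.

```csharp
using System.Collections.Generic;
using System.IO;
using System.Web;
using System.Web.Security;

// Hypothetical handler: map it in web.config <httpHandlers>, e.g. path="Document.ashx".
public class ProtectedDocumentHandler : IHttpHandler
{
    // Assumption: files live outside the web root, so IIS cannot serve them directly.
    private const string StorageRoot = @"D:\ProtectedDocs";
    // Constructed sample catalogue (document id -> stored file name);
    // a real system would look this up in a database.
    private static readonly Dictionary<int, string> Catalogue = BuildCatalogue();

    private static Dictionary<int, string> BuildCatalogue()
    {
        Dictionary<int, string> map = new Dictionary<int, string>();
        map.Add(1, "mydoc.pdf");
        return map;
    }

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Forms Authentication has already populated context.User from the auth cookie.
        if (context.User == null || !context.User.Identity.IsAuthenticated)
        {
            FormsAuthentication.RedirectToLoginPage(); // does not end the request itself
            return;
        }
        // The client supplies only an integer id, never a path or file name,
        // so the request cannot steer the handler to an arbitrary file.
        int id;
        string fileName;
        if (!int.TryParse(context.Request.QueryString["id"], out id) ||
            !Catalogue.TryGetValue(id, out fileName))
        {
            context.Response.StatusCode = 404;
            return;
        }
        string fullPath = Path.Combine(StorageRoot, fileName);
        if (!File.Exists(fullPath)) { context.Response.StatusCode = 404; return; }
        context.Response.ContentType = "application/pdf";
        context.Response.AddHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\"");
        // Keep authenticated content out of shared caches.
        context.Response.Cache.SetCacheability(HttpCacheability.Private);
        context.Response.TransmitFile(fullPath);
    }
}
```

Because `.ashx` is already mapped to ASP.NET on IIS6, this handler runs inside the Forms Authentication pipeline without the wildcard mapping that static `.pdf` URLs would need.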
