Ask a Question related to ASP.NET Security, Design and Development.
-
Peter Afonin #1
Forms authentication doesn't work for downloads
Hello,
I'm using Forms authentication, and it works well. If user is not
authenticated, he is routed to the login page.
However, this doesn't work for downloads. If I have a file located in the
restricted area and put a direct link to it - anyone can download it.
Why is this? I expected that people would also be routed to the login
screen. How to make this happen?
I would appreciate your help.
Thank you,
--
Peter Afonin
Peter Afonin Guest
-
ASP.NET Forms Authentication don't work on some Window XP
(Type your message here) I am working on ASP.NET project where I am using formauthentication, it seems to work fine on all OS including XPexcept on... -
forms authentication doesn't work for static pages/files like GIF/HTML/PDF ?
do I understand it correctly that forms authentication doesn't work for static pages/files like GIF/HTML/PDF ? so I cannot convince IIS to... -
Forms Authentication does not work when using computer name
Greetings, My asp.net app is using Forms Authentication. Running the project from the Visual Studio .NET 2003 has absolutely no problem. I use... -
Forms Authentication timeout doesn't work
I am trying to do some testing of my application with respect to timeouts (i.e. Session timeouts). I took the advice of somebody else in this... -
Unable to get Forms-based Authentication to work
Hello, I'm new to ASP.NET, and I'm trying to learn how to implement forms based authentication. However, I don't know what I'm doing wrong.... -
John Timney \(ASP.NET MVP\) #2 Re: Forms authentication doesn't work for downloads
Forms authentication is handled by the framework - thus you likely need to
pass that type of file through the asp.net handler by mapping it in IIS...
--
Regards
John Timney
ASP.NET MVP
Microsoft Regional Director
"Peter Afonin" <pva@speakeasy.net> wrote in message
news:%23iyeHzZ0EHA.2316@TK2MSFTNGP15.phx.gbl...> Hello,
>
> I'm using Forms authentication, and it works well. If user is not
> authenticated, he is routed to the login page.
>
> However, this doesn't work for downloads. If I have a file located in the
> restricted area and put a direct link to it - anyone can download it.
>
> Why is this? I expected that people would also be routed to the login
> screen. How to make this happen?
>
> I would appreciate your help.
>
> Thank you,
>
> --
> Peter Afonin
>
>
John Timney \(ASP.NET MVP\) Guest
-
Teemu Keiski #3 Re: Forms authentication doesn't work for downloads
Forms Auth works only for those pages/file/resources which are processed by
ASP.NET by default. That is aspx,asmx, config and such. You can tweak that
in IIS (See Applications configuration for different file extensions like
where aspx is mapped to aspnet_isapi.dll) by having the custom file
extension mapped for aspnet_isapi.dll
See this blog post for detailed explanations:
Protect PDF, DOC and other file types with Forms Authentication
[url]http://dotnetjunkies.com/WebLog/richard.dudley/archive/2004/05/21/14215.aspx[/url]
--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsider
ASP.NET Forum Moderator, AspAlliance Columnist
[url]http://blogs.aspadvice.com/joteke[/url]
"Peter Afonin" <pva@speakeasy.net> wrote in message
news:%23iyeHzZ0EHA.2316@TK2MSFTNGP15.phx.gbl...file types with Forms Authentication> Hello,
>
> I'm using Forms authentication, and it works well. If user is not
> authenticated, he is routed to the login page.Protect PDF, DOC and other>
> However, this doesn't work for downloads. If I have a file located in the
> restricted area and put a direct link to it - anyone can download it.
>
> Why is this? I expected that people would also be routed to the login
> screen. How to make this happen?
>
> I would appreciate your help.
>
> Thank you,
>
> --
> Peter Afonin
>
>
Teemu Keiski Guest
-
Peter Afonin #4 Re: Forms authentication doesn't work for downloads
Thank you very much for your explanations!
Peter
"Teemu Keiski" <joteke@aspalliance.com> wrote in message
news:%23l2qg3Z0EHA.1940@TK2MSFTNGP15.phx.gbl...by> Forms Auth works only for those pages/file/resources which are processed[url]http://dotnetjunkies.com/WebLog/richard.dudley/archive/2004/05/21/14215.aspx[/url]> ASP.NET by default. That is aspx,asmx, config and such. You can tweak that
> in IIS (See Applications configuration for different file extensions like
> where aspx is mapped to aspnet_isapi.dll) by having the custom file
> extension mapped for aspnet_isapi.dll
>
> See this blog post for detailed explanations:
>
> Protect PDF, DOC and other file types with Forms Authentication
>the>
> --
> Teemu Keiski
> MCP, Microsoft MVP (ASP.NET), AspInsider
> ASP.NET Forum Moderator, AspAlliance Columnist
> [url]http://blogs.aspadvice.com/joteke[/url]
>
>
>
> "Peter Afonin" <pva@speakeasy.net> wrote in message
> news:%23iyeHzZ0EHA.2316@TK2MSFTNGP15.phx.gbl...> file types with Forms Authentication> > Hello,
> >
> > I'm using Forms authentication, and it works well. If user is not
> > authenticated, he is routed to the login page.Protect PDF, DOC and other> >
> > However, this doesn't work for downloads. If I have a file located in>> > restricted area and put a direct link to it - anyone can download it.
> >
> > Why is this? I expected that people would also be routed to the login
> > screen. How to make this happen?
> >
> > I would appreciate your help.
> >
> > Thank you,
> >
> > --
> > Peter Afonin
> >
> >
>
Peter Afonin Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
