members-only access to all files in a directory

[Jos]

I want to create a "member zone" with restricted access to registered
members only.

I already succeeded to restrict access to ASPX files in a particular
directory using ASP.NET security.
I use Forms authentication and the <location> tag in web.config.

Is it possible with ASP.NET to apply the same restriction to all files (with
extension HTM, HTML, JPG, etc...) within a given directory?

--

Jos

[Chris Jackson]

You wouldn't do that with your web.config settings. Why? Because web.config
is read by the ASP.NET runtime, which is invoked depending on the file
extension. You could remap the other file extensions to the ASP.NET handler
(I honestly don't know what the outcome of this would be, but it is worth a
shot?) so they pick up the security - the only thing that might go wrong is
that the handler might not know what to do with these files. If you are
using Windows Authentication, you can just set this up using NTFS
permissions and not worry about that.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows Client
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--

"Jos" <josnospambranders@fastmail.fm> wrote in message
news:uszfT1t8DHA.2168@TK2MSFTNGP12.phx.gbl...

>I want to create a "member zone" with restricted access to registered
> members only.
>
> I already succeeded to restrict access to ASPX files in a particular
> directory using ASP.NET security.
> I use Forms authentication and the <location> tag in web.config.
>
> Is it possible with ASP.NET to apply the same restriction to all files
> (with
> extension HTM, HTML, JPG, etc...) within a given directory?
>
> --
>
> Jos
>
>

[richlm]

Yes - you can map other extensions (you can even specify .*) in the web site mappings
You could then write a HttpHandler that will intercept all requests and implement your access control logic

[Chris Jackson]

> Yes - you can map other extensions (you can even specify .*) in the web

> site mappings.
> You could then write a HttpHandler that will intercept all requests and
> implement your access control logic.

But will it handle file types like html and jpg without writing such a
handler, just by passing them through? Or will this person need to implement
a handler to do this passthrough?

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows Client
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--

[richlm]

It passes through OK with no additional programming effort for static
files - i.e. ones with IE understands - jpg, txt, htm, .... (but not .asp)
So you should NOT need a HttpHandler (or a HttpModule) to do the
passthrough.

BUT I am not sure that the ASP.NET security checks (defined in web.config)
are made in all cases - e.g. it looks like .jpg are covered, but for .htm
you still get the page even if you should be denied access (on XP). So you
would perhaps still need a HttpHandler/Module to pre-process the request and
decide whether or not to pass it on or reject it.

Richard.

"Chris Jackson" <chrisjATmvpsDOTorgNOSPAM> wrote in message
news:uLWhZHl9DHA.340@tk2msftngp13.phx.gbl...

> > Yes - you can map other extensions (you can even specify .*) in the web
> > site mappings.
> > You could then write a HttpHandler that will intercept all requests and
> > implement your access control logic.

>
> But will it handle file types like html and jpg without writing such a
> handler, just by passing them through? Or will this person need to

implement

> a handler to do this passthrough?
>
> --
> Chris Jackson
> Software Engineer
> Microsoft MVP - Windows Client
> Windows XP Associate Expert
> --
> More people read the newsgroups than read my email.
> Reply to the newsgroup for a faster response.
> (Control-G using Outlook Express)
> --
>
>