Protect file with different extension from .aspx

[Alessandro Zucchi]

Hi,
I'm developing an asp.net application. I'm using form authentication.
All runs with page aspx, but when I try to connect to a protected file
diverse to an aspx (such as a PDF file) and I'm not authenticated , the
application download the file instead of redirect to the predefined login
page.
Anyone can help me ?

Best regards
alex

[Teemu Keiski]

Hi,

see this blog post

Protect PDF, DOC and other file types with Forms Authentication
[url]http://dotnetjunkies.com/WebLog/richard.dudley/archive/2004/05/21/14215.aspx[/url]

--
Teemu Keiski
ASP.NET MVP, AspInsider
Finland, EU

"Alessandro Zucchi" <AlessandroZucchi@discussions.microsoft.com> wrote in
message news:396D536D-13DA-40A2-93DD-F26DE9C5B795@microsoft.com...

> Hi,
> I'm developing an asp.net application. I'm using form authentication.
> All runs with page aspx, but when I try to connect to a protected file
> diverse to an aspx (such as a PDF file) and I'm not authenticated , the
> application download the file instead of redirect to the predefined login
> page.
> Anyone can help me ?
>
> Best regards
> alex
>

[gabe garza]

Create an ASPX page that'll download the file to the user.
Example. [url]http://www.servername.com/getfile.aspx?filename=3928393293[/url]

Now you can still use form authentication.

Make sure in getfile.aspx to set your Content-Type and Content-Disposition
properly.

I did a similar thing for a client that wanted images sent from an AS/400
computer to be displayed in a client browser, but only if a valid user was
logged into the system.
I also made sure that 3928393293 was only valid for the user that requested
the image and that 3928393293 could only be used once. Some users bookmarked
the URL but the client didn't want that.


"Alessandro Zucchi" <AlessandroZucchi@discussions.microsoft.com> wrote in
message news:396D536D-13DA-40A2-93DD-F26DE9C5B795@microsoft.com...

> Hi,
> I'm developing an asp.net application. I'm using form authentication.
> All runs with page aspx, but when I try to connect to a protected file
> diverse to an aspx (such as a PDF file) and I'm not authenticated , the
> application download the file instead of redirect to the predefined login
> page.
> Anyone can help me ?
>
> Best regards
> alex
>
>

[Juan Antonio Tubío]

Hello!

I have the same problem!! I already have tested the 'ISAPI ASP.NET
Filter Redirection' for .htm and .html files and it works fine!!

But what i can do for .pdf files? I want that user can read this files
directly in the internet explorer window without need to download them...

Any Idea?

Thank you in advance.

Best Regards,
Juan Antonio

gabe garza escribió:

> Create an ASPX page that'll download the file to the user.
> Example. [url]http://www.servername.com/getfile.aspx?filename=3928393293[/url]
>
> Now you can still use form authentication.
>
> Make sure in getfile.aspx to set your Content-Type and Content-Disposition
> properly.
>
> I did a similar thing for a client that wanted images sent from an AS/400
> computer to be displayed in a client browser, but only if a valid user was
> logged into the system.
> I also made sure that 3928393293 was only valid for the user that requested
> the image and that 3928393293 could only be used once. Some users bookmarked
> the URL but the client didn't want that.
>
>
> "Alessandro Zucchi" <AlessandroZucchi@discussions.microsoft.com> wrote in
> message news:396D536D-13DA-40A2-93DD-F26DE9C5B795@microsoft.com...
>

>>Hi,
>>I'm developing an asp.net application. I'm using form authentication.
>>All runs with page aspx, but when I try to connect to a protected file
>>diverse to an aspx (such as a PDF file) and I'm not authenticated , the
>>application download the file instead of redirect to the predefined login
>>page.
>>Anyone can help me ?
>>
>>Best regards
>>alex
>>
>>

>
>
>

[Juan Antonio Tubío]

I think that the best solution is a 'mixed authentication' between
'windows authentication' and 'forms authentication'. Setup 'Windows
Authentication' to protect a full folder (automatically for all file
types) and when the user try to access them, show a login form (can
check the user in a custom database) and 'internally' do a 'Windows
Login' with a Windows User.

But i don't know hot to do it..

gabe garza escribió:

> Create an ASPX page that'll download the file to the user.
> Example. [url]http://www.servername.com/getfile.aspx?filename=3928393293[/url]
>
> Now you can still use form authentication.
>
> Make sure in getfile.aspx to set your Content-Type and Content-Disposition
> properly.
>
> I did a similar thing for a client that wanted images sent from an AS/400
> computer to be displayed in a client browser, but only if a valid user was
> logged into the system.
> I also made sure that 3928393293 was only valid for the user that requested
> the image and that 3928393293 could only be used once. Some users bookmarked
> the URL but the client didn't want that.
>
>
> "Alessandro Zucchi" <AlessandroZucchi@discussions.microsoft.com> wrote in
> message news:396D536D-13DA-40A2-93DD-F26DE9C5B795@microsoft.com...
>

>>Hi,
>>I'm developing an asp.net application. I'm using form authentication.
>>All runs with page aspx, but when I try to connect to a protected file
>>diverse to an aspx (such as a PDF file) and I'm not authenticated , the
>>application download the file instead of redirect to the predefined login
>>page.
>>Anyone can help me ?
>>
>>Best regards
>>alex
>>
>>

>
>
>

[gabe garza]

Juan,

Technically the PDF file has to be sent to the client browser so matter
what, it's still "downloading" no matter how you look at it.

Just make sure to set the Content-Type and Content-Disposition properly in a
"getfile.aspx" or what every you named the aspx file.
The PDF file, if the client has installed Acrobat Reader, will display the
PDF in IE, Firefox, Safari, etc...
If a client hasn't installed Acrobat Reader then they'll get a "Open", "Save
As" dialog box.

Gabe


"Juan Antonio Tubío" <jatubio@saluddigital.net> wrote in message
news:424B02A5.5020003@saluddigital.net...

> Hello!
>
> I have the same problem!! I already have tested the 'ISAPI ASP.NET Filter
> Redirection' for .htm and .html files and it works fine!!
>
> But what i can do for .pdf files? I want that user can read this files
> directly in the internet explorer window without need to download them...
>
> Any Idea?
>
> Thank you in advance.
>
> Best Regards,
> Juan Antonio
>
> gabe garza escribió:

>> Create an ASPX page that'll download the file to the user.
>> Example. [url]http://www.servername.com/getfile.aspx?filename=3928393293[/url]
>>
>> Now you can still use form authentication.
>>
>> Make sure in getfile.aspx to set your Content-Type and
>> Content-Disposition properly.
>>
>> I did a similar thing for a client that wanted images sent from an AS/400
>> computer to be displayed in a client browser, but only if a valid user
>> was logged into the system.
>> I also made sure that 3928393293 was only valid for the user that
>> requested the image and that 3928393293 could only be used once. Some
>> users bookmarked the URL but the client didn't want that.
>>
>>
>> "Alessandro Zucchi" <AlessandroZucchi@discussions.microsoft.com> wrote in
>> message news:396D536D-13DA-40A2-93DD-F26DE9C5B795@microsoft.com...
>>

>>>Hi,
>>>I'm developing an asp.net application. I'm using form authentication.
>>>All runs with page aspx, but when I try to connect to a protected file
>>>diverse to an aspx (such as a PDF file) and I'm not authenticated , the
>>>application download the file instead of redirect to the predefined login
>>>page.
>>>Anyone can help me ?
>>>
>>>Best regards
>>>alex
>>>
>>>

>>
>>
>>

>

[Yahoo]

There are two main ways to accomplish this...

1) have asp.net protect the file
2) have windows ntsf protect the file

For 1).
You need to have IIS send the requested file to ASP.NET. To accomplish this
go into IIS application virtual directory->Home Directory->Mappings.
Edit/Add the .pdf to the asp.net frameworks executable path (see .aspx).
Uncheck check file exists. Now asp.net will now receive the request. From
here you might want to implement a httpHandler and stream the file out.

For 2).
Create a new role in windows called 'pdfer' or whatever. Set all prfs to be
read by this role (and sysem admin and so forth) but not iusr_xxx. When
doing form authentication, set the identity of this user to also include
this role.

Hope that helps
Joe

"Alessandro Zucchi" <AlessandroZucchi@discussions.microsoft.com> wrote in
message news:396D536D-13DA-40A2-93DD-F26DE9C5B795@microsoft.com...

> Hi,
> I'm developing an asp.net application. I'm using form authentication.
> All runs with page aspx, but when I try to connect to a protected file
> diverse to an aspx (such as a PDF file) and I'm not authenticated , the
> application download the file instead of redirect to the predefined login
> page.
> Anyone can help me ?
>
> Best regards
> alex
>
>

[Juan Antonio Tubio]

Hello:

The first option i think is the best, but i don't have developped
never a httpHandler, ¿you know any page with a sample?

For the second option, i think it's too a good solution but if the
user write in the browser directly the link for the pdf file, the
broser show a 'Windows Authentication' form, i don't know how to avoid
this!!

Thank you Joe, you have put me in the good way.

On Mon, 11 Apr 2005 23:51:44 GMT, "Yahoo"
<joe_c_miguel-spam@yahoo.com> wrote:

>There are two main ways to accomplish this...
>
>1) have asp.net protect the file
>2) have windows ntsf protect the file
>
>For 1).
>You need to have IIS send the requested file to ASP.NET. To accomplish this
>go into IIS application virtual directory->Home Directory->Mappings.
>Edit/Add the .pdf to the asp.net frameworks executable path (see .aspx).
>Uncheck check file exists. Now asp.net will now receive the request. From
>here you might want to implement a httpHandler and stream the file out.
>
>For 2).
>Create a new role in windows called 'pdfer' or whatever. Set all prfs to be
>read by this role (and sysem admin and so forth) but not iusr_xxx. When
>doing form authentication, set the identity of this user to also include
>this role.
>
>Hope that helps
>Joe
>
>"Alessandro Zucchi" <AlessandroZucchi@discussions.microsoft.com> wrote in
>message news:396D536D-13DA-40A2-93DD-F26DE9C5B795@microsoft.com...

>> Hi,
>> I'm developing an asp.net application. I'm using form authentication.
>> All runs with page aspx, but when I try to connect to a protected file
>> diverse to an aspx (such as a PDF file) and I'm not authenticated , the
>> application download the file instead of redirect to the predefined login
>> page.
>> Anyone can help me ?
>>
>> Best regards
>> alex
>>
>>

>