Best way to secure binary files

[Janaka]

I've got certain report files on my admin section that i'd like to secure.
What is the best method of doing this on the web server? These could be any
type of file other than a web form - i.e. pdf, word, excel, ppt, etc.
They'll be in their own directory on the server. I am already using Forms
Authentication to allow access for administrators.

 

[Shaun]

There are a couple of methods you can use for this. One way is to use the Application Mappings of IIS, this can be done for the whole site or just some folders - perhaps the folder holding these resources.

What you do is map the extension to the aspnet_isapi.dll - the same one used by .aspx files. This will mean that requests for these files go through the same process as aspx files (your secured pages).
To do this open IIS admin MMC and right click on the folder you want to secure and select Properties. Then go to the Directory (or Home Directory) tab and click on the Configuration button. You'll then see the Mappings tab and you can add the mapping for your extensions - use the same dll that is mapped to .aspx

It does mean some additional load on your servers, hence the suggestion that you place such files under a particular folder (and its subfolders) and secure this folder as above.

There are other methods, but this is the quickest (I think).

Shaun