Restrict access to resources like .doc, .ppt etc in .net forms authentication application

[Gaurav]

Hi,

We are developing a .NET app which has forms authentication. When the
user types in the direct URL which is an aspx page, he will be thrown
to the login page. But if the URL points to a .txt or .doc file, the
document is displayed even though the user is not authenticated.

How do we stop this such that only the users authenticate themselves
before getting access to the resource.

Thanks and Regards,

Gaurav

 

[Rasmus Foged]

Hi.

you probably should look at (several) the samples which
mixes forms- and windows-authentication and then turn on
windows authentication to set security (ACE/ACL) on the
file-ressurces.


Best regards

Rasmus Foged

 

[Javier Miranda]

Hi

You could use Windows Authentication to authorize using ACL. But if you want to use Forms Authentication and Role Based Authoization, then you must edit your ISAPI server extension so ASP.NET can process those files and apply the Role Based Authoization. Keep in mind that this could introduce a performance penalty

Hope it helps

- Javier M.

 

[GK]

Dear All,

Thanks for the reply.

We had tried this but were facing the issues. Let me explain what we
did.

We created a folder within the application as DOCS and allowed one NT
user [say PortalUser] to have access on this folder. Now, when a user
gives the direct URL without authenticating, the windows pop up is shown
and he does not get access to the documents.

The problem is that when the valid user who has been authenticated tries
to view the doc in the folder, he also is getting that pop-up.
We are not able to show the documents to the valid user without giving
the pop-up. We tried impersonation by adding the folowing in the
web.config file: -
<identity impersonate="true" username="PortalUser" password = "">
</identity>
but that also is not working.

regards,
Gaurav