问题
I am using .net2.0 and IIS6.
When using .net Forms Authentication: How to limit access to resources like pdf files to authenticated users only; so in order to access a file say mysite.com/mydoc.pdf they would have to be authenticated first (go through the login page)
It seems that by default only the .aspx pages are protected. E.g. to include the .html, I had to follow the steps described here.
EDIT
Thanks guys for very quick replies, the answer by Keltex worked perfectly for me as I needed a quick fix for a demo system.
Other answers are very interesting as well and they will be useful when dealing with the production system.
You are more then welcome to post other answers
回答1:
You have to configure IIS to process wildcard extensions. Thus .pdf & .html extensions will be authenticated. Here's how for IIS6:
http://professionalaspnet.com/archive/2007/07/27/Configure-IIS-for-Wildcard-Extensions-in-ASP.NET.aspx
回答2:
You could store the files on a directory that is not accessible directly via the web, and then the users have to visit an ASPX page with an ID pointing to the file they need to download. At that point, you stream the file out them .
回答3:
Create a httphandler which checks the authenticated user before streaming the document out to the browser. Then you can set the link on the page to point at the hander with a document id instead of the file directly.
Once this is done the document can be stored near enough anywhere you choose, being the file system or database or even encoded into an xml file if you want. This is useful for when you want to move storage location but don't want to have to update all the links in the web application.
Useful links: http://msdn.microsoft.com/en-us/library/system.web.ihttphandler
回答4:
Do you have anonymous access turned off? if you just have Integrated Windows auth, it should block all access if you setup your web config with these settings
来源:https://stackoverflow.com/questions/272447/net-forms-authentication-how-to-limit-access-to-resources-like-pdf-files-to-au