Require User Id and Password for a Web Directory and All of It's Resources Contained


My client wishes to restrict any resource within a specific web directory. This directory contains .aspx, .txt and .pdf files. By using forms authentication and requesting the user id and password from the viewer I can easily compare this to a data store and using FormsAuthentication.RedirectFromLoginPage present the requested page to the viewer having approved their credentials.

However, this method is not working when the viewer brings up their browser and types in (or uses a bookmark) for the .pdf file in the same directory. No login page is presented. The PDF file is presented immediately to them. The same with .txt and even .htm files. The only resource protected, it seems, using forms authentication in this way are .aspx file (and perhaps other .NET suffixed files).

Is there a way to have the login page presented and credentials validated when any resource in the specific directory is accessed?

Much thanks.

Dave Stolzenbach
David BachAsked:
Who is Participating?
avin_ashincConnect With a Mentor Commented:
My Friend,

This reminds of a hard time i had a few months back :-)
You can go in for CGI tools like "livelink" which can provide security (even different levels). Livelink provides security to all types of documents.

But if u are a poor guy like me :-) try using this way around.

The idea here is not giving out the path of the PDFs. Put the documents into a folder with a wierd name (say xyz_123).

On the link of the PDF file, post the name of the PDF file to an ASP page with the code as runs below. The binary write prevents the user to know the exact path of the file. Hope this helps.

Mail me if u need the content type for other docs.

strFile="xyz_123\" & trim(Request.Form("filename"))
Response.contenttype="application/pdf iirc"
Response.AddHeader "content-Disposition",  "inline;filename=PDF"
Response.BinaryWrite getBinaryFile(server.mappath(strFile))

 function getBinaryFile(fileSpec)
    Dim adTypeBinary
    adTypeBinary = 1
    Dim oStream
    set oStream = server.createobject("ADODB.Stream")
    oStream.Type = adTypeBinary
    oStream.LoadFromFile fileSpec
    set oStream=nothing
end function
All Courses

From novice to tech pro — start learning today.