cdakz
asked on
How to prevent unauthenticated users from downloading files not managed by ASP.NET (e.g. .mp3, .gif)
I need to make some non-asp.net managed files, such as .mp3's, only available to users who have logged in (via forms authentication).
I've read that one way to do this is to map the file type to the ASP.NET engine, but I'd rather not do that.
I'm assuming that locating the download-able files in a folder above the web's root (e.g. c:\ProtectedFiles) would be a part of the puzzle.
What I'm looking for is the easiest method for implementing this.
Oh, using ASP.NET 2.0, if that makes a difference.
I've read that one way to do this is to map the file type to the ASP.NET engine, but I'd rather not do that.
I'm assuming that locating the download-able files in a folder above the web's root (e.g. c:\ProtectedFiles) would be a part of the puzzle.
What I'm looking for is the easiest method for implementing this.
Oh, using ASP.NET 2.0, if that makes a difference.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Kusala, the web.config only controls access to files managed by ASP.NET, such as .aspx, .ascx, etc. Is there something else I'm missing (entirely possible), perhaps in those URLs you provided.
Looks like I'm going to need to get familiar with http handlers, per PPittle and AmanBhullar's responses (still digesting them).
However, AmanBhullar, I do have a quick follow up question. The URL you provided links to an article that says to put the dll that results from the code into the bin folder. It sounds like it means a .dll that's specific to the code (vs. a site-wide dll, ala ASP.NET 1.1), but it doesn't explicitly say *what* to do
Can you shed more light on this? Is there a way to create a dll just for that class, outside of the rest of the web app (which is compiled just-in-time)? FYI that I'm using Visual Studio 2005.
https://www.experts-exchange.com/questions/21692750/Restrict-folder-access-through-ASP-Net.html
http://support.microsoft.com/kb/815151
-Kusala