
On the root of my webservice application, I have a directory which contains some html and txt files. These files should be accessible only to the authenticated user. How can I achieve this?

This is the follow-up of my question: ASP.Net Directory Security

I implemented HttpHandler as suggested by Shark on that post. It allows html and txt files to handle but I can't show these files to the authenticated user too.


Update: I solved this issue by checking session on the handler. While hosting this on the server I faced another problem, i.e. my custom handler was not getting called. I got the cause and solution for that issue on: http://msdn.microsoft.com/en-us/library/bb515343.aspx

Cause:

By default, Internet Information Services (IIS) passes requests for only certain file types to ASP.NET to service. Files with file-name extensions such as .aspx, .asmx, and .ashx are already mapped to the ASP.NET ISAPI extension (Aspnet_isapi.dll).

Solution:

To have IIS pass other file-name extensions to ASP.NET, you must register the extensions in IIS.


Whole Story: http://www.naveenbhat.in/2012/06/directory-security-on-webservice-with.html

NaveenBhat

1 Answer


If you are using ASP.Net Security (Forms/Windows authentication), you can simply control it by web.config settings. Like so:

<configuration>

  <system.web>
    <authentication mode="Forms">
    </authentication>
  </system.web>

  <!-- <location> must be a child of <configuration>, not of <system.web> -->
  <location path="directoryPath">
    <system.web>
      <authorization>
        <!-- this will deny access to anonymous users -->
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

</configuration>
Chris
  • I've already tried this but it is not working for me! Is there anything related that I need to do in code? – NaveenBhat Jan 06 '12 at 12:00
  • You tried forms authentication? What is returned if you check Page.User.Identity.IsAuthenticated after authentication? Or didn't you configure any authentication yet? – Chris Jan 06 '12 at 12:05
  • Sorry for the delay... I used `windows` authentication and the `Page.User.Identity.IsAuthenticated` was always returning `true` in my case. I didn't try `Forms` because it's a webservice application and AFAIK `Forms` authentication is not a good option here. – NaveenBhat Jan 09 '12 at 08:35
  • Since I created a separate handler for `html` and `pdf` files I used to check `session` there and it is working fine now. Thank you!... I'll mark this as answered because it seems to be a correct answer in the majority of cases. – NaveenBhat Jan 09 '12 at 08:43
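
The session-checking handler described in the question's update and in the last comment could look like the sketch below. It is an added example, not the poster's code: the `~/ProtectedDocs` directory, the `UserId` session key and the `Demo` namespace are assumed names.

```csharp
// Added example. Assumed names: ~/ProtectedDocs, session key "UserId", namespace Demo.
// Registration, in a web.config placed in the protected directory (repeat for *.txt):
//   <system.web><httpHandlers>
//     <add verb="GET" path="*.html" type="Demo.ProtectedFileHandler" />
//   </httpHandlers></system.web>
// IIS 7+ integrated mode uses <system.webServer><handlers> and a name attribute instead.
using System;
using System.IO;
using System.Web;
using System.Web.SessionState;

namespace Demo
{
    // IReadOnlySessionState makes context.Session available inside the handler.
    public class ProtectedFileHandler : IHttpHandler, IReadOnlySessionState
    {
        private static readonly string[] Allowed = { ".html", ".txt" };

        public bool IsReusable { get { return true; } }

        public void ProcessRequest(HttpContext context)
        {
            // Fail closed: no session value means no file.
            if (context.Session == null || context.Session["UserId"] == null)
            {
                context.Response.StatusCode = 403;
                return;
            }

            // Canonicalise both paths so "..", mixed separators etc. cannot escape the root.
            string root = Path.GetFullPath(context.Server.MapPath("~/ProtectedDocs"))
                              .TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
            string file = Path.GetFullPath(context.Request.PhysicalPath);
            string ext = Path.GetExtension(file).ToLowerInvariant();

            // Serve only allowed file types that resolve inside the protected directory.
            if (!file.StartsWith(root, StringComparison.OrdinalIgnoreCase)
                || Array.IndexOf(Allowed, ext) < 0
                || !File.Exists(file))
            {
                context.Response.StatusCode = 404;
                return;
            }

            // Authenticated content should not be stored by shared caches.
            context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
            context.Response.ContentType = ext == ".txt" ? "text/plain" : "text/html";
            context.Response.TransmitFile(file);
        }
    }
}
```

If the handler class is compiled into an assembly rather than placed in App_Code, the `type` attribute also needs the assembly name.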