|
-
Jun 26th, 2008, 03:00 PM
#1
[RESOLVED] [2005] Securing SubDirectories when using Forms Authentication
How does one go about securing individual subdirectories that contain non-asp.net filetypes when using Forms Authentication?
I have a subdirectory that contains certain files that I only want logged-in users to see. Since they are non-asp.net files (zip, pdf, etc), an anonymous user can access a file as long as they know the direct link. All of the articles I have read (like this one (and countless others) go over using the aspnet.isapi.dll filter and specifying the file extension that you wish to protect. The problem is that this is application level, not directory-level. By using this method, if I add the .PDF extension, then ALL of the .PDF files on the site would then require a login, not just the PDF files in the "secure" location.
I guess what I am getting at is what is the best practice scenario at handling this when using Forms Authentication?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|