Securing PDFs, DOCs, in Forms Authentication
When using Forms Authentication, any anonymous request for secured pages will be redirected to Login page.However, when the request is for static file types like Word, PDF etc., the redirection won't happen and the content will be served.There are many instances when we want to secure our DOCs, PDFs to only authenticated users.The problem is that, these static files are handled by the IIS and since we set anonymous authentication in IIS, they won't prompt for username and password.To handle this, we need to force asp.net to handle these file types.This can be achieved by the following steps.- Open the IIS Control Panel (inetmgr from command prompt)
- Expand the appropriate nodes and select the Virtual Directory of the application which needs authentication.
- Right click on the Virtual Directory and select Properties.
- Click the Configuration Tab
- A dialog box appears with the list of file extensions.
- Click Add and a dialog appears asking for URL with browse button and a textbox where the extension type to be entered.
- Click on the Browse button and select the the following path%windir%\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- Enter the extension type in the textbox such as .pdf, .doc etc.,
- Select the "Limit to" radio button and Put the same properties as like for aspx files i.e. GET, HEAD, POST, DEBUG
- Click ok - ok. Repeat the same for other file extension types which you want to secure.
Now the above extensions will be served by asp.net and hence they will be authenticated, provided you are securing the folder, directory which contains these files to be secured.
HTH
