Hi,

How should I secure the files (EXE, PDF, ZIP, PPT) on a form authentication based website. Am using simple ASP/SQL to authenticate. I have a validation script running on all the ASP pages on the website, which redirects an unauthorized user to the login page. But, how should I set up the same for the EXE, PDF, ZIP, PPT, etc files? I do not want the ASP.NET/web.config related method.

I do know about the windows authentication that can be augmented to a particular folder containing all the related files. But, I would like to use the same form authentication on the website to secure the files. I mean, a single point of authentication for the website and as well as the files on the server. I want the anonymous user to be redirected to the login page when he keys in the url of the file directly in the browser (say, he should be directed to the login page if he keys in something like: http://vgopi2.site.com/important.exe)

I think this can be done with an ISAPI filter, but I need the details.

Gopi

Forms based authentication implements settings in the web.config file under ASP.NET. I don't think you can work around this if you're using Anonymous authentication but still want to protect the files from being accessed directly.

The two methods for securing files require either authentication (if the files are stored on the file system) via NTFS, or by storing them as BLOBs in the database so that they cannot be accessed directly.

Thanks for your reply,

I was able to work around the problem with a simple asp code. I am placing the files on an unpublished directory and using file read and BinaryWrite function to send it to the browser. By this way, the files are secure.

- Gopi