Re: Forms authentication and downloading files

From: Lauchlan M (LMackinnon_at_Hotmail.com)
Date: 10/10/03


Date: Fri, 10 Oct 2003 10:11:16 +1000


> Before I add the mapping ASP.NET security does nothing and I can download
> the file.
> After I add the mapping then the Forms Authentication works. HOWEVER the
> file is NOT downloaded, I simply get a blank page ...

Well, that's working then! <g>

What do you want it to do? You don't want it to go the requested resource,
because they don't have permission for it. I don't want to spend the time
looking this up for you, but I expect you would have to generate/handle some
sort of error code (like 404 page not found, but something custom) and
provide a page to tell the user they did not have access to that page. Or
you log them out, or redirect them to the home page, or whatever you want to
do.

Maybe you might want to ask on one of the MS IIS newgroups as well, since it
is much an IIS question as an ASP.NET one.

FWIW, I handle this in one of the globa.asax methods (ie before the page is
loaded), and if they are trying to access a resource they don't have
permissions for, I log them out and bounce them back to the login page, with
a message telling them they were getting out of line (not in those words of
course . . .).

HTH

Lauchlan M



Relevant Pages

  • Re: Forms authentication and downloading files
    ... After I have done the mapping then the exe file is only available after they ... However I want them to be able to download the EXE and ... > Maybe you might want to ask on one of the MS IIS newgroups as well, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: [7.8.2002 44916] Notice of Copyright Infringement]
    ... copyright in this fashion is just that kind of permission. ... > of the file on your hd, and compares it with the hashes on everyone elses ... Of course the movie house give the company legal ... > permission to download etc the file, therefore they are not in contravention ...
    (Vuln-Dev)
  • Re: [7.8.2002 44916] Notice of Copyright Infringement]
    ... > More to the point are the key copyright words, ... > copyright in this fashion is just that kind of permission. ... >> permission to download etc the file, therefore they are not in contravention ... >> delivering to the intended recipient, be advised that you have received ...
    (Vuln-Dev)
  • [PATCH 5/6] Enhance SELinux control of executable mappings
    ... This patch for 2.6.10-rc2-mm4 adds new permission checks to the SELinux mmap and mprotect ... hooks to enable control over the ability to make executable a mapping ... The task->self execmem permission controls the ...
    (Linux-Kernel)
  • Re: SELinux policies, memory protections
    ... > possible to implement it entirely in policy. ... Consider cc'ing the listed maintainers of SELinux in the future when you ... I think you want to look at the execmem and execmod permission ... No mapping may be created in any state other than those listed above ...
    (Linux-Kernel)