Re: Authentication condition in custom httphandler

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 04/15/05

    Date: Thu, 14 Apr 2005 20:51:37 -0500
    
    

    In that case, just check Context.User.Identity.IsAuthenticated. Then, you
    can either redirect them to a logon page or just set the response status
    code to 401 and exit out of the handler. If you are using Forms
    authentication, the 401 should land you back at the logon page.

    However, I still think you can do this without any custom handlers and just
    using config. Using the built-in StaticFileHandler should allow you to
    direct requests for specific file extensions to ASP.NET. Then, if you put
    the static files in a sub-directory, you would then be able to set up a
    location tag in your web.config that only allows access to authenticated
    users. ASP.NET will do the rest.

    If you need to dynamically stream or generate the files, then a custom
    handler might be needed, but otherwise the built-in stuff can do all this
    with no coding.

    Another thing you might consider is a custom HttpModule that does the
    authorization. It would just look for your protected resources by
    extension, check the authenticated status and stop the request if need be as
    above. You'd still need the same bit with the StaticFileHandler, but you
    wouldn't need to use the web.config for the authorization.

    Joe K.

    "ScottB" <kuchyku@houseofjello.zap> wrote in message
    news:B241F382-7723-4E2C-AF12-390AFA3B0F22@microsoft.com...
    > I haven't used the UrlAuthorizationModule before but as I understand it, I
    > don't think that it is the right fit for this issue. There are hundreds of
    > word documents throughout the site. Also, the documents are changing all
    > the time so revising the web.config file would be labor intensive. Also,
    > user credentials are set up in a SQL database where there could be 100s,
    > even 1,000s of users.
    >
    > I just think it would be much smoother to just give authenticated users
    > access to all posted .doc downloads. By the way, I also will be posting
    > .pdf, .xls, and others. Let me know if I'm not looking at it from the right
    > direction. Thanks for your reply, I appreciate it.
    >
    > Scott Bass
    >
    > "Joe Kaplan (MVP - ADSI)" wrote:
    >
    >> Wouldn't it be easier to let the UrlAuthorizationModule do this for you?
    >> You could then just set up the security in the web.config with allow and
    >> deny tags.
    >>
    >> If you need to code it yourself, reverse engineering the
    >> UrlAuthorizationModule will help you understand how they do it. As I recall
    >> they just set the response status to 401 and call CompleteRequest.
    >>
    >> The User, Request and Response should all be members of the HttpContext you
    >> get from ProcessRequest method.
    >>
    >> Joe K.
    >>
    >> "ScottB" <kuchyku@houseofjello.zap> wrote in message
    >> news:661089F3-2076-404A-B339-D92DD0F363FB@microsoft.com...
    >> > I'm working on an ASP.Net application that uses forms authentication and I
    >> > could use some help. I need to build some custom HTTPHandlers to handle
    >> > security on some word documents that I have on my website. I've created a
    >> > class named DocHandler (see the code below, thanks Atal Bihari Upadhyay)
    >> > which implements the IHTTPHandler interface. My problem is this: In the
    >> > ProcessRequest subprocedure, I want to create a condition that is based on
    >> > the User.Identity.IsAuthenticated property for the application but I'm not
    >> > sure how to expose or reference it. Ideally, the condition should say that
    >> > if the user is authenticated, then the user will have access to the word
    >> > document (*.doc). If the user tries to access the file without
    >> > authentication, they will get a message that says "Access denied, please
    >> > login properly!".
    >> >
    >> >
    >> > Imports System.Web
    >> > Imports System.Web.Security.FormsAuthentication
    >> >
    >> > Namespace SpecialHTTPHandler
    >> >
    >> >     Public Class DocHandler
    >> >         Implements IHttpHandler
    >> >
    >> >         Public Sub ProcessRequest(ByVal context As HttpContext) _
    >> >             Implements IHttpHandler.ProcessRequest
    >> >             If User.Identity.IsAuthenticated Then
    >> >                 context.Response.Buffer = True
    >> >                 context.Response.Clear()
    >> >                 context.Response.AddHeader("content-disposition", _
    >> >                     "attachment; filename=x.doc")
    >> >                 context.Response.ContentType = "application/doc"
    >> >                 context.Response.WriteFile("pp.doc")
    >> >             Else
    >> >                 context.Response.Write("Access denied, please login properly!")
    >> >             End If
    >> >         End Sub
    >> >
    >> >         Public ReadOnly Property IsReusable() As Boolean _
    >> >             Implements IHttpHandler.IsReusable
    >> >             Get
    >> >                 Return True
    >> >             End Get
    >> >         End Property
    >> >     End Class
    >> > End Namespace
    >> >
    >> >
    >> > This problem has exceeded my level of experience so any help will be
    >> > greatly
    >> > appreciated. Thanks in advance for your help.
    >> >
    >> > --
    >> > Scott
    >>
    >>
    >>
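
The handler-side check discussed in this thread, written out as an added example (it is not code posted by either participant): the principal is read from the HttpContext passed to ProcessRequest, and an unauthenticated request gets a 401 instead of the file. The class name ProtectedFileHandler and the content-type table are hypothetical, and the example assumes Forms authentication is enabled and that .doc, .pdf and .xls requests are mapped to this handler.

```vbnet
Imports System.IO
Imports System.Web

' Added example (hypothetical class name): serves the requested file
' only when the request carries an authenticated identity.
Public Class ProtectedFileHandler
    Implements IHttpHandler

    Public Sub ProcessRequest(ByVal context As HttpContext) _
        Implements IHttpHandler.ProcessRequest
        ' User is a member of the HttpContext argument; a handler has no Page.User.
        ' It can be Nothing when no authentication module has populated it.
        If context.User Is Nothing OrElse _
           Not context.User.Identity.IsAuthenticated Then
            ' Send 401 and stop; under Forms authentication this ends at the logon page.
            context.Response.StatusCode = 401
            Return
        End If

        ' PhysicalPath is the file the requested URL maps to on disk.
        Dim filePath As String = context.Request.PhysicalPath
        If Not File.Exists(filePath) Then
            context.Response.StatusCode = 404
            Return
        End If

        context.Response.Clear()
        ' Keep shared caches from storing a document meant for logged-in users.
        context.Response.Cache.SetCacheability(HttpCacheability.Private)
        context.Response.ContentType = GetContentType(Path.GetExtension(filePath))
        context.Response.AddHeader("Content-Disposition", _
            "attachment; filename=""" & Path.GetFileName(filePath) & """")
        context.Response.WriteFile(filePath)
    End Sub

    ' Content types for the extensions mentioned in the thread (assumed table).
    Private Shared Function GetContentType(ByVal extension As String) As String
        Select Case extension.ToLower()
            Case ".doc" : Return "application/msword"
            Case ".pdf" : Return "application/pdf"
            Case ".xls" : Return "application/vnd.ms-excel"
            Case Else : Return "application/octet-stream"
        End Select
    End Function

    Public ReadOnly Property IsReusable() As Boolean Implements IHttpHandler.IsReusable
        Get
            Return True
        End Get
    End Property
End Class
```

The check only runs for requests that reach ASP.NET, so the protected extensions must be mapped to ASP.NET in IIS as well as to the handler in web.config; a file type left unmapped is served by IIS directly without any of this code executing.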

