preventing access to pdf files without logging first

From: ken Fitzpatrick (anonymous_at_discussions.microsoft.com)
Date: 10/17/03


Date: Fri, 17 Oct 2003 11:57:12 -0700

You could store the PDF files outside of the website root
directory. If the user is allowed to access the pdf, you
can access the web server's file system from the code
behind. Use [Response.ContentType="application/pdf"] and
[Response.AddHeader "content-type", "application/pdf"] to
set the content being sent back to the client as PDF. Read
the file and write it to the client using
[Response.BinaryWrite].

Ken Fitz

>-----Original Message-----
>Hello,
>
>I created a password protected page so users can access
>pdf documents available only to memebers of the site.
Once
>the user logs in to the site, they could click on a link
>that points directly to a pdf file (ie.
>www.site.com/pdf/somepdf.pdf). The problem is, if someone
>by chance, knows the URL for that particular file, they
>could just open up their IEs and point directly to
>(www.site.com/pdf/somepdf.pdf) and they'll be able to
>access it without logging in. How can you restric access
>to pdf files without the a user logging in? Any
>suggestions?
>
>Thanks,
>Edward
>.
>