preventing access to pdf files without logging first
From: ken Fitzpatrick (anonymous_at_discussions.microsoft.com)
Date: 10/17/03
- Next message: Ram Mohan: "CSP for this implementation cannot be acquired"
- Previous message: Mary Chipman: "Re: help on security"
- In reply to: Edward: "preventing access to pdf files without logging first"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 17 Oct 2003 11:57:12 -0700
You could store the PDF files outside of the website root
directory. If the user is allowed to access the pdf, you
can access the web server's file system from the code
behind. Use [Response.ContentType="application/pdf"] and
[Response.AddHeader "content-type", "application/pdf"] to
set the content being sent back to the client as PDF. Read
the file and write it to the client using
[Response.BinaryWrite].
Ken Fitz
>-----Original Message-----
>Hello,
>
>I created a password protected page so users can access
>pdf documents available only to memebers of the site.
Once
>the user logs in to the site, they could click on a link
>that points directly to a pdf file (ie.
>www.site.com/pdf/somepdf.pdf). The problem is, if someone
>by chance, knows the URL for that particular file, they
>could just open up their IEs and point directly to
>(www.site.com/pdf/somepdf.pdf) and they'll be able to
>access it without logging in. How can you restric access
>to pdf files without the a user logging in? Any
>suggestions?
>
>Thanks,
>Edward
>.
>
- Next message: Ram Mohan: "CSP for this implementation cannot be acquired"
- Previous message: Mary Chipman: "Re: help on security"
- In reply to: Edward: "preventing access to pdf files without logging first"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
