Protecting non-asp.net folder contents with forms authentication

From: Daryl Gregory (daryl.gregory_at_gmail.com)
Date: 01/10/05


Date: 10 Jan 2005 11:59:30 -0800

Hi folks,

I'm struggling to understand how forms authentication can protect
content that is not handled by the asp.net handler. For example, if a
user tries to download http://mydomain.com/mydemo.exe, we want that
request to be blocked, and have the user routed to a login page. Once
the user logs in, she should be able to download the file.

Every example I've found shows how to protect aspx pages (which we can
already do). What technologies are needed to make this happen for non-
.net content(if possible at all) -- ActiveDirectory, Authorization
Manager, IIS 6 UrlAuthorization?

If anyone can explain how this works, or point me toward a paper or
example, I'd greatly appreciate it.

Thanks,

--Daryl