How to deny users to download .doc, .pdf, .zip, etc files directly from my application without authenticating themselves first?
The basic problem with this is that ASP.NET never receives the requests for that kind of extensions by default. To understand this, you should be familiar with the concept of ISAPI’s on IIS. Let me explain this somewhat better: IIS is not a closed rigid black box. Instead, it has an API that allows people to write extensions to it. The basic principle is rather easy: requests have an extension that characterizes them. When such a requests comes in, IIS will take a look at the extension of the request. If that extension occurs in the configuration of IIS as a mapping to some ISAPI extension, that extension will be called (and of the request stuff will be passed to that extension). The extension can then handle the request further. ASP.NET is such an extension (aspnet_isapi.dll) that is registered for a set of extensions (such as .aspx, .ascx, .asmx, .vb, .cs, .config, etc). When you take a look at the machine.config file, you’ll find out that there is some section called
Related Questions
- I want to make a number of application files available for downloading from my Web site, but users aren able to decipher the files after they download them. How can I solve this problem?
- How to deny users to download .doc, .pdf, .zip, etc files directly from my application without authenticating themselves first?
- Can international users download the application? Is it possible for international users to download the beta version?
