J
Juha Borenius
I have a web site that requires some directories to be protected with
password. Directories might contain any kind of files from aspx -pages to
pdf -documents. Protected directories are not virtual directories - there's
only one application. Protection must be controlled from program - so
authentication methods provided by framework don't seem to work as there's
only one web.config -> can't control each directory independently. I think
editing web.config from program is also a problem.
I found three ways to do it.
a) Implementing HttpModule that handles request at very early stage
(OnBeginRequest). If required file is under protected directory and user has
not logged in (knowing from session state) request is directed to other
directory (or to some special login page).
b) Same thing could be implemented in global.asax as it can be attached to
OnBeginRequest.
c) Implementing HttpHandler that does about the same thing. Handler should
be attached to every type of request (POST, GET and HEAD) and for every file
type.
In every case I would save protected directories to Application, so it
should be pretty quick and easy to compare if current request is under
protected directory. List of protected directories will be refreshed from
database at certain interval. Interval is not a problem.
Are there other options to think of?
What would be the best solution as it should be reliable, scalable etc.?
Regards,
Borre
password. Directories might contain any kind of files from aspx -pages to
pdf -documents. Protected directories are not virtual directories - there's
only one application. Protection must be controlled from program - so
authentication methods provided by framework don't seem to work as there's
only one web.config -> can't control each directory independently. I think
editing web.config from program is also a problem.
I found three ways to do it.
a) Implementing HttpModule that handles request at very early stage
(OnBeginRequest). If required file is under protected directory and user has
not logged in (knowing from session state) request is directed to other
directory (or to some special login page).
b) Same thing could be implemented in global.asax as it can be attached to
OnBeginRequest.
c) Implementing HttpHandler that does about the same thing. Handler should
be attached to every type of request (POST, GET and HEAD) and for every file
type.
In every case I would save protected directories to Application, so it
should be pretty quick and easy to compare if current request is under
protected directory. List of protected directories will be refreshed from
database at certain interval. Interval is not a problem.
Are there other options to think of?
What would be the best solution as it should be reliable, scalable etc.?
Regards,
Borre