
Validate the file name and make sure it is one that the user may accessĬ( "content-disposition", "attachment filename=" + filename) Ĭ = "application/octet-stream" Ĭ( "~/App_Data/" + filename) Now its simply a matter of adding some logic to validate the user, and retrieve the file they are after: public class MyFileHandler : IHttpHandler Not only that, but it does not need to be registered within the web.config file. ashx extension is that it is already mapped to aspnet.dll, so it can take part in Forms Authentication. The point about the handler, created from the Generic Handler option with its.

For the sake of simplicity, the default value of false can be left as it is. The first houses the logic that needs to be run to process the current request, and the second dictates whether the handler can be pooled and reused for other requests. The Handler contains two methods - ProcessRequest and IsReusable. Public void ProcessRequest( HttpContext context)Ĭ = "text/plain"
#Simplefile downloader code
ashx extension containing code like this: public class MyFileHandler : IHttpHandler You should be met with a new file with a. Once you have moved your files, you need a means to serve them to authenticated users, and an HttpHandler will do the job easily.

Anything placed in App_Data is protected by ASP.NET, and requests for items within it are met with a 403 - Forbidden error message. However, if you only have access to the root folder and its contents, there is still at least one other option - App_Data. This is ideal, because no one can browse that folder since it is not part of the application itself. Ideally, your web hosting company will have provided you with access to at least one folder above the root folder of your application.
#Simplefile downloader download
The first thing to do is to move all download files to a location where they cannot be browsed. If you do not have access to IIS, there is a simple workaround. txt to aspnet.dll within IIS, create an HttpHandler to manage the file access, and then register that handler within the web.config file.
#Simplefile downloader how to
As I mentioned before, the vast majority of articles on this topic show how to map. This seems to work, but if a non-authenticated user just enters into their browser, the file will be served, as ASP.NET is not configured to handle.


Users who successfully authenticate will be directed to Default.aspx, which contains links to downloadable files: If( FormsAuthentication.Authenticate(username, password))įormsAuthentication.RedirectFromLoginPage(username, false) Login.aspx contains a straightforward Login Control: Īnd the code-behind contains the authentication logic: protected void Login1_Authenticate( object sender, AuthenticateEventArgs e) aspx files are mapped to aspnet.dll, Forms Authentication kicks in and users who have not already logged in will be redirected to Private/Login.aspx. Since that has been protected under Forms Authentication, and since all. Any requests for that URL will invoke the default document, which in this case is Private/Default.aspx. You set up Forms Authentication to protect this folder, such as in the following web.config snippet: Let's say you have a folder within your application called Private. Forms Authentication in ASP.NET only works with requests that are handled by ASP.NET in IIS 6.0 (typically Windows Server 2003), which means that non-ASP.NET content bypasses aspnet.dll, and is not subject to it. Let's start by examining the problem is a little more detail first.
