views:

525

answers:

2

I have statiс files in website folder, but need to check permissions for every file. I decided to use HttpModule for that purposes.

ASP.NET receives all the http-requests (I used wildcard mapping) and

The algorith is the following:

  1. HttpModule receives the request
  2. HttpModule checks permissions
  3. If access is denied then the answer is "Forbidden". If all is OK then httpModule's method just returns.
  4. DefaultHttpHandler is automatically used to process request for static files

The problem is that DefaultHttpHandler is not effective enough (it doesn't use file cache, etc.). But IIS (without ASP.NET) works with static files in a very good way.

All I want is to let IIS serve static files after my checks. Is there any way to implement it?

+1  A: 

If you're using IIS7 then yes, it's quite easy. In the integrated mode, all requests go through the managed pipeline. Let IIS serve the files, but add a HttpHandler to do the checks. Or you can use one of the authorization methods that ASP.NET offers.

chris166
If you're using IIS6, I'd love to see a solution that doesn't involved checking rights, then streaming the file.
ScottE
I hope I never have to deal with IIS6 in new projects again ;)
chris166
Unfortunately I use IIS6
murad
BTW you can use HttpModules in IIS6 to handle any requests... But you will need to specify ASP.NET ISAPI filter in the Wildcard Application Mappings. Same fix works for IIS7 in Classic pipeline mode. See http://weblogs.asp.net/scottgu/archive/2007/03/04/tip-trick-integrating-asp-net-security-with-classic-asp-and-non-asp-net-urls.aspx
IgorK
A: 

I have a solution that could be used to stream the file in IIS 6. It does all the good things like resumable downloads, client side caching (etag & expires) and server side caching.

http://code.google.com/p/talifun-web/wiki/StaticFileHandler

It should be easy enough to extend to include authorization before serving up the file.

Taliesin