tags:

views:

266

answers:

1
Q: 

Secure static html files using IIS7 in integrated mode and using custom httphandler

My asp.net application is not using formsauthentication. Instead we make a call to database, check username//password and save the value in session if user is logged in.

Now i need to secure my html files. I put IIS7 in integrated mode and added a handler mapping to a statichtmlhandler that i wrote that basically checks that if the request url contains .html and session("userloggedin") is not null then do nothing else redirect to login page.

This works fine. Only problem is my html files show up as blank. How to fix it?

+1  A: 

Are you actually including the code to write the HTML file in your handler?

A handler is the end point for a request - a request stops there. If your handler does nothing but a redirect then it's working as you coded it. You must add the code to read the HTML file and serve it.

In my opinion you would be better off doing it higher up the pipeline in an HTTP Module. Modules run in the pipeline, before the request is sent to the handler.

And even nicer option would be to use forms authentication, as you can use IIS7 URL authorization to protect HTML, JPG, any file at all.

blowdart  2009-07-11 16:44:00
No,my handler is just checking session variable and request url. if url has .html and there is no session variable, i force redirect to login page, else do nothing
 2009-07-11 16:56:41
Then it's working as you coded it. Updated my answer.
blowdart  2009-07-11 17:25:57

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps