I have a login.aspx page with custom textboxes for username and password, i.e. no LoginView.
After supplying the correct username and pwd, I assign a sessionid which is used to visit other pages on the website.
Now, to download a file (1234), I redirect the user to ~/download.aspx?fileid=1234. On this page I check the session id and send the user to the file URL, i.e. ~/file/1234.pdf.
If someone directly enters the file URL, then I am unable to stop him.
Please guide me on how to do this…
P.S.: I have read about the authentication rule in the web.config file but don't know how to mark a user as authenticated once he supplies the correct username and password at login. (I am only checking the username and pwd from the database and redirecting to the home page.)
Your authentication strategy is fairly weak. You should be bounding areas of your site (namely the files directory in this instance) with roles and assigning users to them.
However, to get around the more immediate problem, simply disable the outside world from getting to the files directory and when they hit `~/download.aspx?fileid=1234` just serve them the file. You can find instructions for this here: How to properly serve a PDF file
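
One way to implement what the answer describes, as an added example that is not code from the original thread: the code-behind for download.aspx checks the session and streams the PDF itself instead of redirecting to a public URL. The session key `Session["UserId"]` and the storage folder `~/App_Data/files` are assumptions made for illustration.

```csharp
// Download.aspx.cs -- added illustration, not the poster's code.
using System;
using System.IO;
using System.Web.UI;

public partial class Download : Page
{
    // Assumption: the PDFs were moved from ~/file to ~/App_Data/files.
    // Requests made directly to anything under App_Data are refused,
    // so the only way to reach a file is through this page.
    private const string StoreVirtualPath = "~/App_Data/files";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Assumption: login.aspx sets Session["UserId"] after the username
        // and password have been checked against the database.
        if (Session["UserId"] == null)
        {
            Response.Redirect("~/login.aspx", true);
        }

        // Accept only a non-negative integer id, so the query string can
        // never contribute path characters such as "..", "/" or "\".
        int fileId;
        if (!int.TryParse(Request.QueryString["fileid"], out fileId) || fileId < 0)
        {
            Response.StatusCode = 400;
            Response.End();
        }

        string path = Path.Combine(Server.MapPath(StoreVirtualPath), fileId + ".pdf");
        if (!File.Exists(path))
        {
            Response.StatusCode = 404;
            Response.End();
        }

        // Stream the file to the client; the real location is never exposed.
        Response.Clear();
        Response.ContentType = "application/pdf";
        Response.AddHeader("Content-Disposition",
                           "attachment; filename=" + fileId + ".pdf");
        Response.TransmitFile(path);
        Response.End();
    }
}
```

Leaving the files under ~/file and relying only on a web.config authorization rule would not be equivalent unless IIS is configured to route static .pdf requests through the ASP.NET pipeline.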