Restrict users to access the help file, download js files
-
Hi all, I have a set of help files(html files) in the application root directory. Now these HTML files can be accessed by the users even if they are not logged into the application. How can I restrict this? Similarly, how can I restrict users to download java script files which is in my application root directory by directly typing the URL in the browser. Please note, the authentication mode is windows and framework used is 1.1. Kindly help... Thanks in advance.. Rijz
-
Hi all, I have a set of help files(html files) in the application root directory. Now these HTML files can be accessed by the users even if they are not logged into the application. How can I restrict this? Similarly, how can I restrict users to download java script files which is in my application root directory by directly typing the URL in the browser. Please note, the authentication mode is windows and framework used is 1.1. Kindly help... Thanks in advance.. Rijz
Well.. .Actually browser makes separate http request for each individual external files.
Rijz wrote:
Now these HTML files can be accessed by the users even if they are not logged into the application. How can I restrict this?
To make access to the html files.. I would suggest to use separate HttpHandler which will authenticate your request againist some session id, if session is created already or will do it using uid and password.
Rijz wrote:
Similarly, how can I restrict users to download java script files which is in my application root directory by directly typing the URL in the browser.
In case of Javascript as a separate request is made from the browser, it would not be a good idea to restrict the download of the file. Some browser requests javascript after document is fully loaded, but there are others which actually starts download of the file as soon as it parses the Javascript tag. So you cant trap the behaviour of the browser. Rather, I would suggest you to edit your javascript and place your sessionid within the url. Place your sessionid in a sesssion variable or in database. Create a separate HttpHandler for Js file which will check if the sessionid(might be your custom GUID which you generate during the login) passed with the querystring is valid for the current user. Allow download of the javascript only when url is valid. say in your browser you place script tag like this <script type="text/javascript" src="yourjavascript.js?sessionId=<%=this.Session.SessionId%> Now from ProcessRequest of
IHttpHandler, checkstring qry = context.Request.QueryString["sessionId"] as string;
if(!context.Session.SessionId.equals(qry))
{
context.Response.clear();
context.Response.close();
}Also remember to implement your class from
RequiresSessionState, otherwise session will not be available in theHttpHandler
. Hope you got the idea. :rose::rose:
Abhishek Sur
My Latest Articles **Create CLR objects in SQL Server 2005 C# Uncommon Keywords Read/Write Excel using OleDB
**Don'