Well.. .Actually browser makes separate http request for each individual external files.
Rijz wrote:
Now these HTML files can be accessed by the users even if they are not logged into the application. How can I restrict this?
To make access to the html files.. I would suggest to use separate HttpHandler which will authenticate your request againist some session id, if session is created already or will do it using uid and password.
Rijz wrote:
Similarly, how can I restrict users to download java script files which is in my application root directory by directly typing the URL in the browser.
In case of Javascript as a separate request is made from the browser, it would not be a good idea to restrict the download of the file. Some browser requests javascript after document is fully loaded, but there are others which actually starts download of the file as soon as it parses the Javascript tag. So you cant trap the behaviour of the browser. Rather, I would suggest you to edit your javascript and place your sessionid within the url. Place your sessionid in a sesssion variable or in database. Create a separate HttpHandler for Js file which will check if the sessionid(might be your custom GUID which you generate during the login) passed with the querystring is valid for the current user. Allow download of the javascript only when url is valid. say in your browser you place script tag like this <script type="text/javascript" src="yourjavascript.js?sessionId=<%=this.Session.SessionId%> Now from ProcessRequest of IHttpHandler, check
string qry = context.Request.QueryString["sessionId"] as string;
if(!context.Session.SessionId.equals(qry))
{
context.Response.clear();
context.Response.close();
}
Also remember to implement your class from RequiresSessionState, otherwise session will not be available in the
HttpHandler
. Hope you got the idea. :rose::rose:
Abhishek Sur
My Latest Articles **Create CLR objects in SQL Server 2005 C# Uncommon Keywords Read/Write Excel using OleDB
**Don'
