Document-based authorization allows you to secure selected documents on your Web site. You can select the secured documents with a wildcard mask, such as /documents/*.doc or /documents/marketing/*. When a user requests a document that matches this mask, Secure Access checks the permissions required for this document and redirects the user if he or she is not authorized.
This sample shows you how to restrict access to the *.doc documents in the Reports folder to people with the "Read" permission in the "WorkReports" application.
Open your project with Secure Access authentication implemented.
Open the global.asax.vb file.
Add the following lines inside the "Global" class definition.
[Visual Basic]
    Sub Application_AcquireRequestState(ByVal sender As Object, ByVal e As EventArgs)
        If User.Identity.IsAuthenticated Then
            ' Authenticated: check permissions for documents matching the mask
            If ARHelper.IsMatchingPath(Request.RawUrl, "/reports/*.doc") Then
                If Not ARHelper.IsAuthorized(User.Identity.Name, "WorkReports", "Read") Then
                    ' Do not redirect a request that is already for the access-denied page
                    If Request.RawUrl.ToLower <> "/sasamplevb/accessdenied.aspx" Then
                        Response.Redirect("/SASampleVB/AccessDenied.aspx")
                    End If
                End If
            End If
        Else
            ' Not authenticated: send the user to the logon form
            If Not Request.RawUrl.ToLower.StartsWith("/sasamplevb/logonform.aspx") Then
                Response.Redirect("/SASampleVB/logonform.aspx")
            End If
        End If
    End Sub
[C#]
    protected void Application_AcquireRequestState(Object sender, EventArgs e)
    {
        if (User.Identity.IsAuthenticated)
        {
            // Authenticated: check permissions for documents matching the mask
            if (ARHelper.IsMatchingPath(Request.RawUrl, "/reports/*.doc"))
            {
                if (!ARHelper.IsAuthorized(User.Identity.Name, "WorkReports", "Read"))
                {
                    // Do not redirect a request that is already for the access-denied page
                    if (Request.RawUrl.ToLower() != "/sasamplecs/accessdenied.aspx")
                    {
                        Response.Redirect("/SASampleCS/AccessDenied.aspx");
                    }
                }
            }
        }
        else
        {
            // Not authenticated: send the user to the logon form
            if (!Request.RawUrl.ToLower().StartsWith("/sasamplecs/logonform.aspx"))
            {
                Response.Redirect("/SASampleCS/logonform.aspx");
            }
        }
    }
This event occurs every time a page is requested (even during page post-backs). The code checks whether the user is authenticated. If not, the user is redirected to the logonform.aspx page.
If the user is authenticated, the code tests whether the requested raw URL (the URL without domain name and protocol) matches the provided wildcard mask. If it matches "/reports/*.doc" (the comparison is case-insensitive), the code calls the ARHelper.IsAuthorized method to find out whether the user is allowed to "Read" in the "WorkReports" application.
If not, the user is redirected to the AccessDenied.aspx page. Please notice the condition:
[Visual Basic]
    If Not Request.RawUrl.ToLower.StartsWith("/sasamplevb/logonform.aspx") Then
[C#]
    if (!Request.RawUrl.ToLower().StartsWith("/sasamplecs/logonform.aspx"))
It ensures that a user who has already been redirected to the logon form is not redirected there again, in a loop. The comparison with accessdenied.aspx in the authorization branch does the same for the AccessDenied.aspx page.
Now you need to set up your Internet Information Services server so that it runs the ASP.NET ISAPI filter (aspnet_isapi.dll) not only for ASPX pages (which is the default setting), but also for DOC files (or even all files).
Open the Administrative Tools folder in Control Panel.
Open the Internet Information Services console and locate the virtual directory of your application.
Open its properties and choose the "Directory" tab.
Click on the "Configuration..." button.
The "Application Configuration" dialog appears.
Choose the "Mappings" tab and click the "Add" button. The "Add/Edit Application Extension Mapping" dialog appears.
Click on the "Browse..." button and navigate to the following file:
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
The version (v1.0.3705) in the path may differ and should be the same as the version of ASP.NET you use.
Enter ".DOC" into the Extension field (you can also enter .* for all document types). If you use IIS 6 and want to choose all documents, you need to add the aspnet_isapi.dll library to the Wildcard application maps on the "Application Configuration" dialog.
Create a subfolder called "Reports" in your application folder and place a document named report.doc there.
Compile and run your application. Log on and navigate to "Reports\report.doc". You should receive the document or be redirected, according to your permissions in the WorkReports application.
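To confirm that the .doc mapping is in effect, you can also request the document without logging on and look at the first response. The console program below is an added example, not part of the Secure Access sample; the class and method names are made up for it, the URL is whatever you pass on the command line, and the logon page name is taken from the C# sample above.

```csharp
using System;
using System.Net;

// Added example, not part of the Secure Access sample.
// DocMappingCheck, Classify and Probe are hypothetical names.
class DocMappingCheck
{
    // Classify the first response to an anonymous request for a protected document.
    public static string Classify(int status, string location)
    {
        if (status == 302 && location != null &&
            location.ToLower().IndexOf("/logonform.aspx") >= 0)
            return "guarded";       // ASP.NET handled the request and sent it to the logon form
        if (status == 200)
            return "exposed";       // answered without a logon redirect: check the .doc mapping
        return "inconclusive";      // for example 404: wrong URL or missing file
    }

    // Request the URL without cookies and without following redirects.
    public static string Probe(string url)
    {
        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
        req.AllowAutoRedirect = false;   // inspect the first response only
        HttpWebResponse resp;
        try { resp = (HttpWebResponse)req.GetResponse(); }
        catch (WebException ex)
        {
            // 4xx/5xx responses arrive as exceptions; the status is still available
            resp = ex.Response as HttpWebResponse;
            if (resp == null) return "inconclusive";   // no HTTP response at all
        }
        string result = Classify((int)resp.StatusCode, resp.Headers["Location"]);
        resp.Close();
        return result;
    }

    static void Main(string[] args)
    {
        if (args.Length > 0) { Console.WriteLine(args[0] + ": " + Probe(args[0])); return; }
        // No URL given: classify three constructed sample responses instead.
        Console.WriteLine(Classify(302, "/SASampleCS/logonform.aspx"));
        Console.WriteLine(Classify(200, null));
        Console.WriteLine(Classify(404, null));
    }
}
```

Run it with the full URL of report.doc on your server as the only argument. An "exposed" result means the request was answered without a logon redirect, so recheck the extension mapping described above.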