Hello, I have some files that I don't want to be able to do be downloaded by anonymous users. I thought the answer was just use the ASP.net login controls, and set the Web.Config file to deny anonymous users to the directory. It turns out that it only works for Asp.net pages or things that go through the ASPNET engine, and not static content or dynamic stuff handled by other engines (e.g. CGI, ASP)

I'm wondering how I can lock out the directory, but allow users who are logged in (via the asp.net controls) into the directory, free to download everything.

Thanks,
Kyle Gobel

you could have the authentication done through windows (you'd have to contact support@hostmysite.com to get this setup). if you want to do it through .net, then you'll have to have different application extensions (cgi, asp...) interpretted through the .net engine (i think that works). This also would have to be done by the support team. The nice thing is, you can define those extensions to use .net in a particular sub-folder only, so your whole site doesn't have to give up using those extensions with their native engine.

Kyle - my thought is the best way would be put all the static files in their own directly, e.g. /static. Then ask HMS support to remove read access to this directory in IIS - this way no one can directly access the files

Then, within your application, make a simple "funnel" script that just:
* verifies that a user is logged in
* passes a file to them

So for instance a user would go to:
http://mydomain.com/funnel.aspx?file=image.png

The script would just grab the file and send the user the appropriate content-type headers and then the content of the file