开发者

Resend ASP.Net Authentication:

问答 作者:

I have a Asp.net Web Project using authentication mode="Forms". My login works perfectly.

Now the Problem is th开发者_如何学Pythonat I have a link in a site that is only available to authorized users. It is possible that the pdf file of that link does not exist.

What I want to do is to verify the availability of the pdf with a HttpWebRequest. Since the pdf file is only available for authorized users (web.config/location/system.web/authorization) I have to mark the HttpWebRequest as authrorized. But I don't have the logincredentials at this time (only when the user logs in and the .net framework woun't get me the password of the user)

Has anyone an idea how to send the already established authorization with a new HttpWebRequest?

thanks

moe

Just re-reading your question. As I understand you have a site A containing a PDF that is secured by forms authentication. You have another site B without authentication and you want to do something server-side on site B based on whether the link on A exists.

To do this you can make a HttpWebRequest and check the status code. 401 means the link exists but requires authentication. 404 means it does not exist.

HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(url); 
using (HttpWebResponse myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse())
{

   if (myHttpWebResponse.StatusCode == HttpStatusCode.Unauthorized)
   {
      // link exists, requires authentication
   }
   else if (myHttpWebResponse.StatusCode == HttpStatusCode.NotFound)
   {
      // link does not exists
   }                                         
}

Alternatively you could use a service account with known credentials and authenticate the request. Forms authentication with HttpWebRequest is not easy, as forms uses a cookie which you would need to replicate.

I have to say designing an application in this way is not a good idea, and you should definitively consider caching. These kinds of server-side calls come with a performance hit and don't scale well.

At the time i found no solution to resend the authentication so i moved the verification if the user is alowed to access a certain file to a own http-handler. Now I can generate the links to the pdf-file accessible through the http-handler and can verify the user within the processrequest through the httprequest.user object.

继续阅读:asp.netauthorizationhttpwebrequest

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9