I'm looking for a solution concerning access restrictions using IIS6, a ASP.NET website ( SiteA , FW 2.0) and a website with static content ( SiteB ):
IsAuthenticated() = true/false
which checks authentication status for SiteA . SiteA-Root/subfolder/SiteB-Root
) SiteA-Root/subfolder/SiteB-Root
IsAuthenticated == true
for each request to SiteA-Root/subfolder/SiteB-Root
SiteA/Interceptor.aspx?referer=<Url of requested content of SiteB>
Interceptor.aspx
loads <Url of requested content of SiteB>
if IsAuthenticated() == true
or redirects to the login page otherwise Interceptor.aspx
writes the loaded stream to it's own response Interceptor.aspx
Any suggestions would be appreciated. Thanks.
The problem with IIS 6.0 ( or anything pre IIS7.0), is that it does not support requests for static contents go through the ASP.NET life cycle. And hence you cannot access the events defined in Global.asax and other ASP.NET features such as authentication/authorization.
But I guess there is a way to override that behavior, as explained in this post: http://www.devtoolshed.com/globalasax-events-iis-6-and-iis-7-static-resources
So, once you have configured this to pass the requests through the ASP.NET lifecycle, isn't it possible to capture the request in one of those appropriate Global.asax events, and then set a Session value that this request is already authenticated or not? You can use proper Forms Authentication as well.
So if a request comes for the static content (which is a part of the sub folder in SiteA itself), all you have to check (in one of the events in Global.asax) if the request is already authenticated for the session, if not redirect to login form. Since you are doing a pass-through in-case it is already authenticated, you shouldnt be having broken links as well.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.