Last post Jun 23, 2006 12:57 PM by TechBear
Jun 22, 2006 01:32 PM|TechBear|LINK
On a new website I am setting up, I want to implement ad hoc authentication. Because the site will contain PDF, DOC and other "non standard" files, I pointed these file types to be processed by aspnet_isapi.dll. I then had to write a custom httpHandler class
for each file type so that ASP.NET would know what to do with the file (sample code of the handler below.) Now, if an anonymous user requests one of these files, he is taken to the Login.aspx page, authenticated, then the document is loaded within the browser.
Then, I turned on SSL.
Everything still works as described if the document is requested using http. If the user makes the request using https, however, the request for the document crashes. Instead of loading in to the browser, the File Download pops up, as if the Content-Disposition
header had been set. If either Open or Sae are selected, an error box appears saying that Internet Explorer could not download the file from the server, as the requested site is either unavailable or cannot be found.
I suspect the problem is in how https is handling the stream from context.Response.WriteFile. At this point, though, I've been banging my head against the wall so long that I can't figure out how to fix this. Any help would be much appreciated.
Public Sub ProcessRequest(ByVal context As System.Web.HttpContext) _
'Verify that the document exists
If Not HostingEnvironment.VirtualPathProvider.FileExists(context.Request.Path) Then
context.Response.StatusCode = 404
'Reset the Response object
context.Response.Buffer = True
'Document is not to be cached and should expire immediately
'Set other headers
context.Response.ContentType = MimeType
'Write to the system
Jun 23, 2006 12:57 PM|TechBear|LINK
Found the answer.
The problem is described (sort of) in
this MS article. The solution is to remove the SetCacheability and SetNoStore method calls.