How do I configure user authorization on dynamically created resources in an ASP.NET web app using Forms authentication?

You can’t ensure this. With forms authentication and authorization you have to be explicit, listing concrete users or roles. No chance to specify this dynamically For dynamically created resources I use generic handlers.

With this approach there is no need for protecting temporary files, because there are no temporary files. The content is directly streamed to the user. In this approach your protection is part of your application logic, possibly inside the generic handler.

You can’t ensure this. With forms authentication and authorization you have to be explicit, listing concrete users or roles. No chance to specify this dynamically.

For dynamically created resources I use generic handlers. With this approach there is no need for protecting temporary files, because there are no temporary files. The content is directly streamed to the user.In this approach your protection is part of your application logic, possibly inside the generic handler.

Ok, so basically, I'd have to look at something like this: learn.iis. Net/page. Aspx/366/…, develop my own handler to catch a URL pointing to some virtual resource, apply application logic to secure the content, and finally stream that content back to the client?

– Triynko Mar 29 at 19:01 Basically that's a way you can go. I prefer a slightly different approach to integrate the generic handlers using url routing. This is described here petesdotnet.blogspot.Com/2009/09/… - It works without separate assemblies and IIS configuration.

Another benefit of url routing is that you can present your content with the right file extension instead of ashx. – Dirk Mar 30 at 7:17.

You can store the dynamically generated content as a blob in a database table rather than on the file system. Secure access to the record through normal application security logic.

I'm well aware of many other ways to store and secure arrays of bytes. There is no database involved here. The question is how to secure files in the file system, served by IIS 7, that can be accessed by a URL in a web browser.

I'm specifically interested in how to secure such files in the context of the ASP. NET authorization system, when using Forms authentication. For example, what setting (and where would this setting be found) would cause all files to be inaccessible unless the user has authenticated as something other than the anonymous user.

– Triynko Mar 29 at 14:58.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.