For a page, I can check if user is logged using Session before displaying the page for my .net web application. However, if the url is a link to a file, I cannot make sure if user is logged in and it directly downloads the file from the server. I tried to check for cookie or session over Global.asax without success.
Edit: I am not looking for authentication over the server but rather through the session. I have the user logins in the database so I guess the web.config solution won't apply here.
Is it possible to check for session or cookie before a user can access a file on my server or to any url under a specific directory such as /documents?
Example: for access to the page /test.aspx, I can check if the session exists and if not, direct to the login page.
For access to a file such as /docs/file.pdf, I can not perform the same check.
I'm not sure how user gets the file name in the URL at first place. Perhaps that's whet you need to change. If you could add a table and save a GUID and the file name in the table, then url could pass the GUID as the parameter. On the server side you could map the GUID to the actual file and validate the session before returning the file.