Solution 1 (Quick Way)
Handel the
AuthenticateRequest
event in the Global.asax file.
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
string url = HttpContext.Current.Request.Url.AbsolutePath;
string extension = System.IO.Path.GetExtension(url);
switch (extension.ToLower())
{
case ".doc":
case ".rar":
case ".zip":
if (HttpContext.Current.User == null || !HttpContext.Current.User.Identity.IsAuthenticated)
Response.Redirect("Login.aspx");
break;
}
}
Solution 2 (Better Way)
Store all of your downloadable document in a folder and apply the authentication rules on that.
<configuration>
<location path="Download">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Solution 3 (Best Way)
Write a Http Handler and pass a document identifier to it, it will be the responsibility of the handler to render the file after checking the user credential.