Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

Application Extension Mapping in a Shared Server Hosting Enviornment

0.00/5 (No votes)
11 Jul 2005 1  
Protect any file type in a certain folder with login.

Add/Edit Application Extension Mapping Dialog Box

Introduction

My ISP told me I couldn't have Application Extension Mapping on a shared server hosting package. I can't afford a dedicated server so I put together this sample program to install on the ISP I was considering moving to. First I emailed a lot of Windows ISPs a Pre-Sales question: I need to add PDF extension to FileMapping so it will be processed by aspnet_isapi.dll. In my ASP.NET application I redirect all requests for PDF to a login screen. What's the most economical plan you have that can do this? See description here: MSDN. A few ISPs agreed to do it so I signed up with one. If the test program runs within the 30 day trial period, I am good to go. If not I get my money back and move down the list.

Background

ASP.NET doesn't protect file extensions outside the ASP family. To do that you map an extension to the ASP executable in IIS. Use the Web.config file to tell your application the mode of authentication (Forms), what extension to watch for (.PDF), and who will handle it (MyHandler.dll). Write an HTTP handler to take the HTTP request and run it through the ASP executable (aspnet_isapi.dll). Web.config brings up Login.aspx.

More:

Install

  1. Extract AppMapFileTest.zip.
  2. Create a virtual folder in IIS that points to the physical directory (where AppFileMapTest.csproj is).
  3. Copy the MyHandler.dll from the obj/Debug directory of MyHandler to the bin directory of AppMapFileTest.
  4. Do steps 24 through 43.
  5. Open AppMapFileTest.csproj in Visual Studio, compile and run.

Build from Scratch

Open VS.NET: select New Project. Language: C#. Type: Web Application. Name: AppMapFileTest.

  1. Solution Explorer - Right click AppMapFileTest - Add Web Form - Name: index.aspx.
  2. Drag from toolbox one Label. Properties - Text: Welcome.
  3. Solution Explorer - Right click AppMapFileTest - Add Web Form - Name: Login.aspx.
  4. Drag from toolbox one Label. Properties - Text: UserID.
  5. Drag from toolbox another Label. Properties - Text: Password.
  6. Drag from toolbox one TextBox. Properties - Text: txtUserId.
  7. Drag from toolbox one TextBox. Properties - Text: txtPassword.
  8. Drag from toolbox one Button. Properties - Text: Login, Name: cmdLogin.
  9. Solution Explorer - right click index.aspx - Set As Start Page.
  10. Test by running app. You should see a browser window with 'Welcome' in it.
  11. Go to Windows Explorer and add a folder inside this project called scores.
  12. On the index page click on HTML at the bottom left of the page.
  13. The line after the <body MS_POSITIONING="GridLayout"> tag makes two hyper links:
    • <a href="example.pdf"target=_blank>Example Page</a>
    • <a href="scores/buynow.pdf"target=_blank>Buy Now</a>
  14. Go to Windows Explorer and put example.pdf in the root directory of the application and buynow.pdf in a new folder called scores. I got most of the next project from here.
  15. Start a new instance of VS.NET.
  16. VS.NET: New Project. Language: C#. Type: Class Library. Name: MyHandler.
  17. Create a class that derives from IHttpHandler.
    using System;
    using System.Web;
    
    namespace MyHandler
    {
        /// <summary>
    
        /// Summary description for NewHandler.
    
        /// </summary>
    
        public class NewHandler : IHttpHandler
        {
            public NewHandler()
            {
                //
    
                // TODO: Add constructor logic here
    
                //
    
            }
            #region Implementation of IHttpHandler
            public void ProcessRequest(System.Web.HttpContext context)
            {
                string FileName = context.Server.MapPath(context.Request.FilePath);
                context.Response.WriteFile(FileName);
            }
    
            public bool IsReusable
            {
                get
                {
                    return false;
                }
            }
            #endregion
        }
    }
  18. Compile this and copy the MyHandler.dll from the bin/Debug folder into the bin folder of the AppMapFileTest application.
  19. Run the AppMapFileTest application. Both links should open in separate pages with no login required.
  20. Open web.config.
  21. Edit the line: <authentication mode="Windows" /> to be:
    <authentication mode="Forms" >
         
        <forms name=".reelbook" loginUrl="Login.aspx"/>
            
    </authentication>
  22. After the <system.web> and right before the </system.web> tag, add:
    <httpHandlers>
        <add verb="GET" path="scores/*.pdf" type="MyHandler.NewHandler,MyHandler"/>
    </httpHandlers>
  23. After the </system.web> tag but before the </configuration> tag, add:
     <location path="scores">
      <system.web>
            <authorization>
                <deny users="?" />
            </authorization>
        </system.web>
       </location>
  24. Test the app. It still requires no login.
  25. Open Control Panel/Administrative Tools/Internet Information Services.
  26. Expand (local computer).
  27. Expand Web Sites.
  28. Expand Default Web Site.
  29. Right click AppFileMapTest.
  30. Choose Properties.
  31. In the Directory tab, click the Configuration button.
  32. In the Application Configuration dialog box, click the Add button.
  33. In the Add/Edit Application Extension Mapping dialog box, click Browse.
  34. In the Open dialog box, choose files of type .dll and navigate to the C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322 folder.
  35. Double click on aspnet_isapi.dll.
  36. In the Add/Edit Application Extension Mapping dialog box, type .pdf in the Extension textbox (don't forget the dot).
  37. Under Verbs, I only need GET, so click the radio button 'Limit to' and enter GET in the textbox.
  38. Uncheck 'Check that file exists' checkbox.
  39. Click OK.

    Hey! the OK button is all grayed out! After a long Google afternoon, I found this.

  40. Click on the textbox itself and the path will fully expand, enabling the "OK" button so you can save the mapping.
  41. Click Apply.
  42. Click OK.
  43. Click Apply.
  44. Click OK.
  45. Test the app.
    • Click on the Example Page link - it works as before.
    • Click on the Buy Now link - it goes to the Login.aspx page.
    • Click the Login button - Nothing.
  46. In Visual Studio, go to Login.aspx Design View and double click on the Login button.
  47. Inside the cmdLogin_Click method, add one line of code:
    FormsAuthentication.RedirectFromLoginPage(txtUserId.Text, false);

    Run it. It doesn't like FormsAuthentication.

  48. Add a using statement: using System.Web.Security;.

    Now it works. You have to login to get the Buy Now page.

Conclusion

A session cookie called reelbook named inside the <authentication mode="Forms" > tag of our Web.config is used so you don't have to login again until your next session. Only the folder set with the Add/Edit Application Extension Mapping dialog box will filter out PDF files to be processed by aspnet_isapi.dll. To prove this, right click on the default web site in the Internet Services Manager. Do steps 29) and 30). There's no PDF in the list which means that only the files in the folder you specified get sent to aspnet_isapi.dll. I don't think this will cause a performance problem in a shared hosting environment unless of course you get millions of hits for your valuable digital property. And if that's the case then you can afford to get a dedicated server in the first place. Anyway, my new ISP implemented this server-side tweak in less than an hour. I'm sure giving them this step by step page helped. You can never make too many friends in your ISP's Tech Support Group.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here