In my asp.net application, I have a login page which secures the individual pages using session. Basically I want to allow all the people in my LDAP access to the individual pages. This is perfectly done by my login.aspx.
I handle the session thru global.asax events, which will check for the existance of the session variables and redirect thru the login page in case session is missing. This works fine for all the aspx files. But the global.asax event does not capture the session when the request comes for pdf/doc.
So the pdf/doc inside my application are unsecured in the sense any body can access that without login if they know the url or have bookmarked the url.
Is there any way to handle this situation? Please advice
Find your solution here...