restrict access to the users

Question

I nave to allow users of my intranet to load any HTML pages. Users can load only the html pages that start with their username, for example:

User: 972547J 
Pages: 972537J*****.HTML

I used asp.NET and VB.net, i created a gridview only with the linkbutton of the pages with 972537J****.HTML (for this user)

That pages are confidentially, then i don't want that users change manually the link and show the HTML pages of other users.

Can i deny users not open html pages of others? With web config setting or iis7 config? The HTML pages are not editable

Answer 1

The first step is to setup IIS to handle .html files using the asp.net

And the second step is to use the global.asax to check the file names with the user login if they allowed to view them.

Here is a simple code to start, belong to global.asax:

protected void Application_BeginRequest(Object sender, EventArgs e) 
{
    // you may need this
    HttpApplication app = (HttpApplication)sender;

    // start by check if is html file
    string cTheFile = HttpContext.Current.Request.Path;
    string sExtentionOfThisFile = System.IO.Path.GetExtension(cTheFile);

    if (sExtentionOfThisFile.Equals(".html", StringComparison.InvariantCultureIgnoreCase))
    {
        // check if the user is logged in
        if(  HttpContext.Current.User == null || 
             HttpContext.Current.User.Identity == null || 
            !HttpContext.Current.User.Identity.IsAuthenticated)
          )
        {
            // redirect him where you like
        }
        else
        {
            // make the rest test here
            // HttpContext.Current.User.Identity
        }
    }
}

reference for the handler:
Using ASP.NET routing to serve static files
ASP.NET MVC Routing - add .html extension to routes
http://technet.microsoft.com/en-us/library/cc770990(v=ws.10).aspx