Hi,

I have a question that maybe someone can help me with. I'm using ASP.NET 2.0 for my web hosting, on IIS 6, against a leased, co-located server. Actually it's a shared hosting account. I understand all the normal dynamic content, that's why I went with this hosting setup.

But what I don't understand how to do, and probably need, is to for my code to field requests for files that don't exist ( and some that do ). A lot like the URLs of posts here.

Example. Somebody requests http://mysite.com/someFile.pdf - normally IIS will take this request, and either return the file in binary format, or a 404 error. My managed code doesn't even get to run in this situation. Instead, I would like for my code to run, check the HttpContext, make sure the user is authenticated and allowed to see the document; rather than simply returning a 404 I'd like to check alternate spellings, and if I can't figure out what the user is looking for, send down a partial directory listing according to their permissions and request.

But also, I don't want to deal with C++ ISAPI filters.

Can anybody give me advice on how to accomplish this?

The only thing I can think of, and my knowledge is based on classic ASP and not .NET, is to serve the download via a script-based link. In other words, have a script process the login and then adjust the Content-Type header to match the PDF doc.

Mind you, I've never attempted this for anything other than Word so I'm not sure how well it would work for a PDF.

You need to set the 404 to a custom page with URL as the type, you should be able to do this via whatever control panel you have or get the server techs to set it.

Then on that page run your code and serve the responses or the file accordingly.

Thanks for the advice, guys! I've got the two smartest guys in the room giving me advice, so it must be a unique problem.

I've been thinking along the same lines you guys suggested, only not as flushed out in strategy. My thought was to make all my links to something like /File.aspx?FileID=xxxxx and then from there, send down a mime type and then stream the bytes over the wire. I haven't figured out yet how this is going to work, but I'm thinking if I could get that to redirect to the 404 page, then it should be able to reap the query string.

But then I thought of a problem with this scheme. It's not only bad links I want to trap, some of the files will exist. And if somebody requests http://mysite.com/volunteer_stipends.pdf, if the file exists, IIS will send the file. That one, in particular, only a very few logged in users should have access to. Another reason to use ID #s instead of file names in my hyperlinks would be to add a little bit of security, but counting on people not to know the URLs seems to be a really bad security scheme.

So is there a way ( with C# in ASP.NET 2 ) to catch the event before someone downloads a file that's there? I'd like to look at who they are, and then decide whether they're authorized, and then return either the bytes in the file, or a redirect to my not authorized page.

Well, unfortunately I'm out of the equation now since I haven't worked in ASP.net yet (classic ASP only). Sorry, dude.

The only other thing I can think of that might work is PDF creation on the fly. A component like http://www.asppdf.com/ might do the trick . Again, I haven't used it, but I have used ASPUpload (the same company makes it) and it's a kickass component as far as uploading/manipulating files is concerned, so this should be okay too.

If that doesn't help though, you've pretty well used up all the ideas I have.

I think I understand what you're trying to do. You specifically mentioned the URLs here, and the one for your post is "http://www.webmaster-talk.com/asp-forum/76617-intercepting-urls-that-dont-exist.html" Probably there isn't a static html file by that name on this server. More likely the server sends the request off to some code that queries a database and renders the posts in this thread to html. You want to do something like that.

HttpHandlers and HttpModules are your friends. What you would need to do in the old days is write an Internet Server API ( "ISAPI" ) Filter, which you'd have to write in C++ and deploy as a dll file. Nowadays it looks like it's still a pain; you need to add them to machine.config and the web.config for your application, aside from actually writing the code you need.

I've worked with systems that use them, but haven't written any myself. But Google turned this up, which looks like it will help you:

http://www.15seconds.com/issue/020417.htm