ASP.NET Forms Authentication via Querystring

I currently have an ASP.NET 3.5 SP1 running on IIS 7. I have enabled forms authentication using .NET Membership and setup some folders that are restricted according to roles I have created. For instance, if an anonymous visitor tries to access the file http://www.example.com/restricted/foo.txt, he/she will be redirected to a login page, as expected. So far so good.

What I would like to do is provide access to protected files by allowing visitors to specify their login credentials in a query string, something alone the lines of:

http://www.example.com/foo.txt?user=username&pass=pwd

Is this possible at all?

Solution

you should be able to write an http module that intercepts the request and authenticates the user based on the querystring. However, just for the sake of completeness, I'd like to question whether it's a good idea to provide users their username and (in particular) password in plaintext.

jQuery UI " $("#datepicker").datepicker is not a function"
Why do nested locks not cause a deadlock?
How import WebApplicationBuilder in a Class Library?
video file loaded sucussefully when run my website locally but not after publishing
Does the client knowing all the endpoint names pose a security risk?
Paging, sorting, searching on Ajax View in asp.net mvc
Dynamically added ListBox's EventHandler is not firing on ASP.Net
Asp.Net Core create a controller to send emails using SendGrid
How to constrain a POST call to just one submit button in ASP.NET Web pages?
Resx file default 'internal' to 'public'
How do I attach the debugger to IIS instead of ASP.NET Development Server?
Publishing ASP.NET Core 7 Web API on Windows Plesk - error: Could not load file or assembly 'Microsoft.Data.SqlClient'
Invoking SignalR from Postman
Parse ajax json response
How to update a List<> item's property in C#
In-line validation with dynamic components in Blazor/Mudblazor
How do I pass a Model from a View, to another view, without data getting Lost?
Process.Start(...) Suddenly Fails when Called by ASP.NET MVC 5 Running in IIS on Windows 10 and Windows Server 2019
How do you include a non-referenced dll when publishing a web application?
IIS 7.5 only shows directory list or 403 instead of ASP.NET Application
The request was aborted: Could not create SSL/TLS secure channel
Entity Framework vs Direct Data Access
How can I set Async="true" for all pages?
How do I encrypt URLs in ASP.NET MVC?
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'
Publish ASP.NET app without certain folders
Multiple database in one transaction in Entity Framework
VSTS Build Pipeline: Test fails connecting to Azure Key Vault
How to Get BootStrapper.exe work in Windows Azure?
How to fix "No .NET SDKs were found." error--VSCode