Is it possible to require the user be authenticated (logged in) when downloading ZIP files from my site? Note that I don't have direct control of IIS7. (I'm on a shared hosting account.)
I can't simply alter the access for a particular directory because many directories are involved and most contain other files that can be accessed freely.
I've Googled this a bit and found similar questions. But I've been unable to find this exact question.
EDIT: This is specifically a programming question (even if the answer is that it can't be accomplished via programming). Also, it asks a very specific question. (Apparently, a couple of people were confused on these points.)
Here's how I resolved this:
I created a custom HttpHandler for ZIP files. What's really cool with IIS7 is that you can map a file to your handler in the new <httpHandlers> section of the web.config file.
The HttpHandler object receives an HttpContext object, which includes User.Identity.IsAuthenticated already filled out for me. I simply pass along the requested file if the user is authenticated, or redirect them to my login page if not.
With older versions of IIS and ASP.NET, it would be necessary to tweak IIS to map ZIP files to ASP.NET. However, IIS and ASP.NET are merging somewhat, making tasks like this much easier.