I have an application where the user is required to log in running on asp.net 2.0

I have added .doc and .pdf to the application extensions area so that outside users

cannot go directly to the .doc or .pdf file without logging in.

When I click on a .doc or .pdf file to view i get

Internet Explorer cannot display the webpage
when I take this out of the application extensions it works but then IIS is not controlling security.

Has anyone had this problem and what solution fixed it.


enable folder access rules via web.config file. then put all the secure files in that folder. it is really easy to implement.

acctually this is what fixed my problem

<add path="*.pdf" verb="*" type="System.Web.StaticFileHandler" />
			<add path="*.doc" verb="*" type="System.Web.StaticFileHandler" />