Re: password protect subdirectory and files within
From: Cowboy \(Gregory A. Beamer\) (N0SpamMPleezEgbworld@comcast.netN0SpamMPleezE)
Date: 10/28/02
- Next message: Cowboy \(Gregory A. Beamer\): "Re: User Class"
- Previous message: Cowboy \(Gregory A. Beamer\): "Re: ASP.Net en SQL2000 authorisation"
- In reply to: dustin: "password protect subdirectory and files within"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Cowboy \(Gregory A. Beamer\)" <N0SpamMPleezEgbworld@comcast.netN0SpamMPleezE> Date: Mon, 28 Oct 2002 12:49:43 -0600
Using the <location> section in the .config file, you can lock down any
number of pages and create this type of access. If users have to log in to a
domain, you can also secure with NTFS permissions. You will want to control
the links, if this is the method you employ.
I have not personally tried using <location> on a non-ASPX page, but I would
imagine it would work, as there is an HTTP ASP.NET object that uses the
web.config permissions to control the pages under its control. I could be
wrong, but try experimenting.
Another method is to serve up the PDF files through code and hide where they
are located from the user. We use this method on one of our sites right now.
You have to strip all but the @ directive from the ASPX page you are using
if you want the app to serve a PDF.
You also have the option to use Server.Transfer, which hides the file from
most people. A clever hacker can get the properties for the file, but the
average Joe will just see the showPDF.aspx designation in the address bar.
If you are primarily working on keeping the average Joe out, this is much
easier than dealing with the coding necessary to serve up a different
document type through code (although that is not too many lines of code).
-- Gregory A. Beamer MVP; MCP: +I, SE, SD, DBA Author: ADO.NET and XML: ASP.NET on the Edge **************************************************************************** **** Think outside the box! **************************************************************************** **** "dustin" <englishman11@hotmail.com> wrote in message news:d157b561.0210280259.6b612340@posting.google.com... > Hi, > > I'm upgrading from ASP 3.0 to ASP.NET and would like to know if > ASP.NET has introduced anything new to help protect files within a > subdirectory to see if you are a valid user which has logged into the > web application. > > Requirements. > > Users to browse site normally. However, when trying to go directly to > a file within the protected subdirectory, without having first logged > in, get an automatic faliure response, therefore not displaying the > file requested. > > e.g. URL: -- > www.mydomain.com/protectedsubdirectory/protectedFile.pdf > > response --> sorry, you must be logged in first > > Once logged in however using a MS SQL server to check username and > password, I would like for the members to be able to browse freely > through the protected subdirectory. > > I would not only like to protect aspx file, I would really like to > protect any files in the protected subdirectory. > > Is there an easy way to do this? and if not could someone point me in > the right direction as to tutorials, URL links, or documentation on > this subject please. > > thanks > > dustin_kovich > (Student of Life)
- Next message: Cowboy \(Gregory A. Beamer\): "Re: User Class"
- Previous message: Cowboy \(Gregory A. Beamer\): "Re: ASP.Net en SQL2000 authorisation"
- In reply to: dustin: "password protect subdirectory and files within"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
