Re: Securing access to other files in an ASP.NET application

From: NWx (test_at_test.com)
Date: 03/13/04

  • Next message: Daveed: "ASP.NET Page does not works after move"
    Date: Sat, 13 Mar 2004 22:40:08 +0200
    
    

    Thank you for your answer

    Regards

    "Steve C. Orr [MVP, MCSD]" <Steve@Orr.net> wrote in message
    news:uaflEyGCEHA.1128@TK2MSFTNGP11.phx.gbl...
    > Yes, you've got the idea.
    > Standard windows file/folder permissions should be sufficient to protect
    the
    > files from direct access.
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD, MVP
    > http://Steve.Orr.net
    >
    >
    > "NWx" <test@test.com> wrote in message
    > news:OOFsbyBCEHA.2628@TK2MSFTNGP11.phx.gbl...
    > > Hi,
    > >
    > > > Otherwise you'll probably store your restricted files in a private
    > folder
    > > > and use Response.Writefile once you've determined the user is
    > authorized:
    > > >
    > >
    >
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemwebhttpresponseclasswritefiletopic.asp
    > >
    > > So, to use this technique, instead of putting an hardcoded anchor in my
    > > template column, should I put a hyperlink button with appropriate
    > > parameters, so when user click it, it will trigger a server-side event
    > which
    > > will execute a response.writefile, passing the desired file back to
    > browser?
    > >
    > > How can I make a folder restricted? Should I do this using WinNT folder
    > > security features, or put it outside of virtual web folder (in a folder
    > not
    > > accessible from the web site)?
    > >
    > > Which approach will be better?
    > >
    > > Thank you very much for your answer.
    > >
    > >
    > >
    > >
    > >
    > >
    > > >
    > > > --
    > > > I hope this helps,
    > > > Steve C. Orr, MCSD, MVP
    > > > http://Steve.Orr.net
    > > >
    > > >
    > > > "NWx" <test@test.com> wrote in message
    > > > news:uNW0rvACEHA.3928@TK2MSFTNGP09.phx.gbl...
    > > > > Hi,
    > > > >
    > > > > I have an ASP.NET app with forms security.
    > > > > User are allowed to upload files (which are "attached" to user
    > accounts
    > > in
    > > > > database)
    > > > > Documents are saved in a subfolder of the application, then in a
    > > > > sub-subfolder with the same name as user account.
    > > > >
    > > > > For example, for user jo, the document will be saved in
    > > > > documents/jo/a_picture.jpg
    > > > > Then after logon, user can see all his attached documents in a
    > datagrid,
    > > > > with a link to open/download
    > > > >
    > > > > But, if user remember the url without being logged in, and type it
    > into
    > > > the
    > > > > browser's address bar, he/she can open / download the document.
    > > > >
    > > > > How can I extend the security features of ASP.NET form's security to
    > > > protect
    > > > > not only ASPX pages, but also all other documents in application's
    > > virtual
    > > > > folder and subfolders?
    > > > >
    > > > > Thank you
    > > > >
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >


  • Next message: Daveed: "ASP.NET Page does not works after move"

    Relevant Pages

    • Re: Securing access to other files in an ASP.NET application
      ... > Standard windows file/folder permissions should be sufficient to protect ... > files from direct access. ... >> How can I make a folder restricted? ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Password Protect a webpage
      ... supporting images to the public_html folder. ... files available to members and their description. ... will be able to download the file. ... protect, to that protected subfolder is the most "logical" solution to ...
      (microsoft.public.publisher.webdesign)
    • Re: Password Protect a webpage
      ... supporting images to the public_html folder. ... the files available to members and their description. ... will be able to download the file. ... to protect, to that protected subfolder is the most "logical" solution ...
      (microsoft.public.publisher.webdesign)
    • ANN: Folder Castle 2.2 - Protect Your Files and Peace of Mind
      ... Folder Castle 2.2 is everything you need to ... protect your files and peace of mind at home and in the workplace. ... so no snoop will ever be tempted by ...
      (alt.computer.security)
    • ANN: Folder Castle 2.2 - Protect Your Files and Peace of Mind
      ... Folder Castle 2.2 is everything you need to ... protect your files and peace of mind at home and in the workplace. ... so no snoop will ever be tempted by ...
      (alt.privacy)