Re: Securing access to other files in an ASP.NET application
From: NWx (test_at_test.com)
Date: 03/13/04
- Previous message: richlm: "Re: Eventlog permissions error"
- In reply to: Steve C. Orr [MVP, MCSD]: "Re: Securing access to other files in an ASP.NET application"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 13 Mar 2004 22:40:08 +0200
Thank you for your answer
Regards
"Steve C. Orr [MVP, MCSD]" <Steve@Orr.net> wrote in message
news:uaflEyGCEHA.1128@TK2MSFTNGP11.phx.gbl...
> Yes, you've got the idea.
> Standard windows file/folder permissions should be sufficient to protect
the
> files from direct access.
>
> --
> I hope this helps,
> Steve C. Orr, MCSD, MVP
> http://Steve.Orr.net
>
>
> "NWx" <test@test.com> wrote in message
> news:OOFsbyBCEHA.2628@TK2MSFTNGP11.phx.gbl...
> > Hi,
> >
> > > Otherwise you'll probably store your restricted files in a private
> folder
> > > and use Response.Writefile once you've determined the user is
> authorized:
> > >
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemwebhttpresponseclasswritefiletopic.asp
> >
> > So, to use this technique, instead of putting an hardcoded anchor in my
> > template column, should I put a hyperlink button with appropriate
> > parameters, so when user click it, it will trigger a server-side event
> which
> > will execute a response.writefile, passing the desired file back to
> browser?
> >
> > How can I make a folder restricted? Should I do this using WinNT folder
> > security features, or put it outside of virtual web folder (in a folder
> not
> > accessible from the web site)?
> >
> > Which approach will be better?
> >
> > Thank you very much for your answer.
> >
> >
> >
> >
> >
> >
> > >
> > > --
> > > I hope this helps,
> > > Steve C. Orr, MCSD, MVP
> > > http://Steve.Orr.net
> > >
> > >
> > > "NWx" <test@test.com> wrote in message
> > > news:uNW0rvACEHA.3928@TK2MSFTNGP09.phx.gbl...
> > > > Hi,
> > > >
> > > > I have an ASP.NET app with forms security.
> > > > User are allowed to upload files (which are "attached" to user
> accounts
> > in
> > > > database)
> > > > Documents are saved in a subfolder of the application, then in a
> > > > sub-subfolder with the same name as user account.
> > > >
> > > > For example, for user jo, the document will be saved in
> > > > documents/jo/a_picture.jpg
> > > > Then after logon, user can see all his attached documents in a
> datagrid,
> > > > with a link to open/download
> > > >
> > > > But, if user remember the url without being logged in, and type it
> into
> > > the
> > > > browser's address bar, he/she can open / download the document.
> > > >
> > > > How can I extend the security features of ASP.NET form's security to
> > > protect
> > > > not only ASPX pages, but also all other documents in application's
> > virtual
> > > > folder and subfolders?
> > > >
> > > > Thank you
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Previous message: richlm: "Re: Eventlog permissions error"
- In reply to: Steve C. Orr [MVP, MCSD]: "Re: Securing access to other files in an ASP.NET application"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
