Re: Uploaded document security in ASP.net

From: "Teemu Keiski" <joteke@xxxxxxxxxxxxxxx>
Date: Sat, 14 Oct 2006 00:13:12 +0300

Hi,

I'd say you'd probably want to restrict the types of files to be uploaded,
when you can do this. Basically, you could map all extensions to ASP.NET
(just use wildcard *) but it has performance penalty also, since mapping
means that files are served through ASP.NET pipeline.

--
Teemu Keiski
ASP.NET MVP, AspInsider
Finland, EU
http://blogs.aspadvice.com/joteke

"sameer" <sameer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A6195AE7-5786-4B66-AAF6-388656264A47@xxxxxxxxxxxxxxxx

Teemu, thanks for your reply but what if the user is uploading files with
different extensions that are not registered with IIS, they woudl be able
to
be viewed by the users unless i regsiter their extension with IIS. Other
then
this, isnt there any other way that i can restrict access to these file
for
users not logged in the application?

thanks

"Teemu Keiski" wrote:

Hi,

you need to map file extension in IIS for ASP.NET to handle (map
extension
to aspnet_isapi.dll). After that, forms authentication can take place
with
these files. For example with PDFs see this good post by Richard Dudley

http://aspadvice.com/blogs/rjdudley/archive/2005/05/21/2595.aspx

--
Teemu Keiski
ASP.NET MVP, AspInsider
Finland, EU
http://blogs.aspadvice.com/joteke

"sameer" <sameer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:19A94EDC-B11F-4617-AE45-DF9B9BF80AF9@xxxxxxxxxxxxxxxx

Hi all,

my asp.net page lets the users uploads documents up to a folder on the
webserver and then shows hyperlinks on a page pointing to these
documents
so
that the user can click them open and all this is only for users logged
in
only. But the problem is that ones the user sees the name and part of
the
document they are able to browse to the document using this url without
even
logging in to the website,question is how can i restrict the user so
that
the
only way he can access documents form this folder is if they log into
the
website.

Please suggest.!!
Sameer

Follow-Ups:
- Re: Uploaded document security in ASP.net
  - From: Halcyon

References:
- Re: Uploaded document security in ASP.net
  - From: Teemu Keiski

Prev by Date: execute client code when form submitted
Next by Date: Accessing DataItem in DataList
Previous by thread: Re: Uploaded document security in ASP.net
Next by thread: Re: Uploaded document security in ASP.net
Index(es):
- Date
- Thread

Relevant Pages

Re: sort by extension
... Not a "fan" of map() and grep() or just don't understand them? ... looks for an extension and returns a two element array ... modified list of originals and extensions side-by-side is then handed ...
(perl.beginners)
Re: porting union, map to gfortran
... ...code snippet using extension UNION/MAP elided... ... However, I do not know how to convert the union, map funtions to ... extension provided by some commercial compilers. ...
(comp.lang.fortran)
Re: Putney Green
... > The Bakerloo line station at Warwick Avenue used to (I think it's been ... > extension in south London. ... Liverpool Street already open as far as Mile End. ... or page 32 of "Mr Beck's Underground Map". ...
(uk.transport.london)
Re: teminology
... to extend "naturally" to a set B which contains as a proper subset ... It means the "obvious" extension. ... way that a map defined on A has an extension which is, ... B can be an inner product space, A a dense linear subspace, and ...
(sci.math)
Re: Number length, was Goodbye to copper? [Telecom]
... restrict international dialing to those with passwords in the INTL file. ... Extension restriction is an ancient function of dial-PBXs. ... Years ago employees and visitors who wanted to make personal ... According to the Bell Labs history, in the 1950s they developed a toll ...
(comp.dcom.telecom)