Re: Uploaded document security in ASP.net
- From: Halcyon <Halcyon@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 17 Oct 2006 12:06:01 -0700
if you would like to restrict users to certain parts of the website, I would
suggest enable membership and roles, this way a user will be forced to logon,
see this video tutorial for help on membership and roles:
http://download.microsoft.com/download/3/6/0/3604c3d2-0db9-4726-910d-b3b8f93a86e4/hilo_membership-roles_final.wmv
--
The walls between art and engineering exist only in our minds
"Teemu Keiski" wrote:
Hi,.
I'd say you'd probably want to restrict the types of files to be uploaded,
when you can do this. Basically, you could map all extensions to ASP.NET
(just use wildcard *) but it has performance penalty also, since mapping
means that files are served through ASP.NET pipeline.
--
Teemu Keiski
ASP.NET MVP, AspInsider
Finland, EU
http://blogs.aspadvice.com/joteke
"sameer" <sameer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A6195AE7-5786-4B66-AAF6-388656264A47@xxxxxxxxxxxxxxxx
Teemu, thanks for your reply but what if the user is uploading files with
different extensions that are not registered with IIS, they woudl be able
to
be viewed by the users unless i regsiter their extension with IIS. Other
then
this, isnt there any other way that i can restrict access to these file
for
users not logged in the application?
thanks
"Teemu Keiski" wrote:
Hi,
you need to map file extension in IIS for ASP.NET to handle (map
extension
to aspnet_isapi.dll). After that, forms authentication can take place
with
these files. For example with PDFs see this good post by Richard Dudley
http://aspadvice.com/blogs/rjdudley/archive/2005/05/21/2595.aspx
--
Teemu Keiski
ASP.NET MVP, AspInsider
Finland, EU
http://blogs.aspadvice.com/joteke
"sameer" <sameer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:19A94EDC-B11F-4617-AE45-DF9B9BF80AF9@xxxxxxxxxxxxxxxx
Hi all,
my asp.net page lets the users uploads documents up to a folder on the
webserver and then shows hyperlinks on a page pointing to these
documents
so
that the user can click them open and all this is only for users logged
in
only. But the problem is that ones the user sees the name and part of
the
document they are able to browse to the document using this url without
even
logging in to the website,question is how can i restrict the user so
that
the
only way he can access documents form this folder is if they log into
the
website.
Please suggest.!!
Sameer
- References:
- Re: Uploaded document security in ASP.net
- From: Teemu Keiski
- Re: Uploaded document security in ASP.net
- From: Teemu Keiski
- Re: Uploaded document security in ASP.net
- Prev by Date: Re: Simple Timeout Question
- Next by Date: aspnetdb / aspnet_regsql.exe
- Previous by thread: Re: Uploaded document security in ASP.net
- Next by thread: Setting Div Width with % doesn't work in Content Page
- Index(es):
Relevant Pages
|
