Re: Securing files stored in virtual directory

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Sumaira Ahmad (sumaira.ahmad_at_gmail.com)
Date: 12/03/04 

Date: 2 Dec 2004 18:47:26 -0800

Thank you so much for your detailed response.. But i have a few
questions here:

Can i attach more than one resume in the same response
message??Associated with the key can be multiple resumes..
Also how will I link it to a hyperlink that I was initially using on
the client and setting it to the path of the resume such as
http://localhost/service1/xyz.doc
I set the hyperlink to map to a database column that contained the
resume path as shown above?? Now how can i view it on the client if I
use this method?? So do I have to temporarily store it somewhere in a
folder on the client and then view it??

Please let me know answers of these..If these are resolved I will go
ahead and make changes..
thank you so much for you time and energy...
Regards,
Sumaira

danro@microsoft.com (Dan Rogers) wrote in message news:<t35o$bL2EHA.2732@cpmsftngxa10.phx.gbl>...
> Hi Sumaria,
>
> Rather than save them as files, you may want to save them as BLOB's in a
> database, key them, and then retrieve a list of keys based on the
> Employer's request. Then create a new web method, perhaps called something
> like "Fetch" and have that look up the key passed, pull back the BLOB and
> attach that blob to the response using DIME/Soap attachments.
>
> This would solve the HTTP access issue nicely and eliminate the inevitable
> day when your web server falls over because its disk is full.
>
> I hope this helps
>
> Dan Rogers
> Microsoft Corporation
>
> --------------------
> From: sumaira.ahmad@gmail.com (Sumaira Ahmad)
> Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
> Subject: Re: Securing files stored in virtual directory
> Date: 2 Dec 2004 10:06:41 -0800
> Organization: http://groups.google.com
> Lines: 57
> Message-ID: <1627c5ae.0412021006.2d95c58d@posting.google.com>
> References: <1627c5ae.0412010001.ce6c0a0@posting.google.com>
> <OFW#SK61EHA.3392@TK2MSFTNGP10.phx.gbl>
> NNTP-Posting-Host: 67.169.120.54
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: 8bit
> X-Trace: posting.google.com 1102010801 23520 127.0.0.1 (2 Dec 2004 18:06:41
> GMT)
> X-Complaints-To: groups-abuse@google.com
> NNTP-Posting-Date: Thu, 2 Dec 2004 18:06:41 +0000 (UTC)
> Path:
> cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.s
> ul.t-online.de!t-online.de!news.glorb.com!postnews.google.com!not-for-mail
> Xref: cpmsftngxa10.phx.gbl
> microsoft.public.dotnet.framework.webservices.enhancements:4992
> X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
>
> Hi Thank you so much for all your responses.. I am really very new to
> .NET and to WSE and it is taking me time to understand how to
> understand your replies.:-)..
>
> Let me explain my scenario a little bit more..
> I was implementing WS Secure conversation in an ASP.NET Application.
> I have anonynous access to the Web Service and in each method I check
> to see if the user has a valid security context token, and if yes he
> is allowed access to the web service.
> As a part of my project, i am storing Resumes of job applicants in the
> virtual directory of the web service running IIS. Within the
> application I am checking that if the Employer is authenticated and is
> authorized then he will be showed links to all the resumes such as
> http://localhost/Service/resume1.pdf.
> Later I realized that this link can be viewed directory from the
> browser too and that disturbed me..(little that I know of web services
> and WSE and ASP.NET).. All my users are authenticated against ADAM and
> authentication is checked in the CustomUsernameTokenManager..
>
> Now can someone please how can I avoid this issue.If I try and resolve
> it the way told, I fear it may disrupt my application.. or maybe
> not..I am not sure..
> Please tell me how to go about it..I sincerely request help, and a
> little detailed response to a newbie will be highly appreciated.
> I appreciate the time that you'll have already put in it and hope for
> some more to resolve this issue..which maybe really very minor and
> stupid for you'll..
>
> Thanks,
>
> Sumaira Ahmad
>
>
> Martin Kulov <kulov@bezbokluk.abv.bg> wrote in message
> news:<OFW#SK61EHA.3392@TK2MSFTNGP10.phx.gbl>...
> > Hi Sumaira,
> >
> > MTOM will address this problem. Recently it has entered proposed
> recommendation state [1]. However it is not supported in the current
> release of WSE. You can either wait for it or implement your own way of
> securing the attachements.
> >
> > [1]
> http://www.gazitt.com/OhmBlog/permalink.aspx/d2f5a87b-c31e-48fd-8f92-5db8317
> b7445
> >
> > Best,
> > Martin Kulov
> > www.codeattest.com
> >
> > > Hi,
> > >
> > > I am a big problem here and would really appreciate if someone would
> > > shed some light on it.
> > > My ASP.NET application stores files in the virtual directory of the
> > > Web Server. These files are sent as DIME attachments in SOAP Messages
> > > and stored on server. Now I realized that these files can be simple
> > > viewed on the browser. Is there anyway of securing these files because
> > > they contain information not for public use, only for authenticated
> > > authorized use.. Can we define some policies on the server for that..
> > > Please let me know,
> > > Thanks,
> > > Sumaira Ahmad
>
> --

Relevant Pages

  • RE: Help consuming third part web services
    ... // The web.config defines the target URL for the web service. ... string xResp = x.AuthenticateUser; ... report the response to the caller. ... I don't think I have a Client Proxy such as is created with WSDL.EXE ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: Securing files stored in virtual directory
    ... multiple attachments. ... local file to an attachment, and the web service would receive ... the key as the response from the save step. ... and that exists still in the database. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: SOAP serialization problem
    ... I've snooped the SOAP response, ... this deserialization, but I've not found any that work. ... You're the client and you are the customer of a Web service that's for your use only. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Subscribing to Send Port Response messages
    ... Publishing Wizard' to create a web service (publish schema as a web ... port for me. ... Because there is no subscription created for the ... Because this is a two way port (by definition, as you wish to send a response) you have to find a way to return a response to the 2way receive port created for the web service. ...
    (microsoft.public.biztalk.general)
  • repost: getting a timeout when retreiving large data from web service
    ... I am calling a web service that requires WSE signing and encrypting. ... Everything works fine when the response is modest in size. ... I have setup both machine.config and my project web.config to allow buffer ... System.Xml.XmlLoader.LoadChildren(XmlNode parent) at ...
    (microsoft.public.dotnet.framework.webservices.enhancements)