
Securing attachments, e.g., .pdf, .doc, .xls through web.config

Using VS2003, ASP.NET 1.1

Is it possible to secure files normally placed as attachments (such as word
docs etc.) and often placed in attachment directories within your web
application, using FORMS authentication and web.config and NOT using Active
Directory/NTFS permissions (_all_ users will come in under the ASPNET user
account at the AD/NTFS level)?

I am familiar with the fact that placing the following few lines into
web.config within a child directory, e.g., one of those "attachment
directories," effectively secures the files within from the general public
(if someone were to type the attachment URL out in an attempt to bypass the
home page, they would be kicked back to a login page):
<configuration>
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</configuration>

That is great if you have one level of security but what if your web
application uses multiple levels of security, e.g., member, leader,
president, etc whereby some documents are meant for one level of user but not
the others (let alone the general public)? It seems as if the web.config
file has "authenticated" and "not-authenticated" states only.

I know that one can set more restrictive NTFS permissions on the resources
and have the user log in to some pages using integrated windows security but
that becomes unwieldy with hundreds/thousands of users who would probably not
manage their AD account very well anyway. I would like to stick with a
simple FORMS based authentication native to the web application using a
database back end.

ASPX pages themselves can be secured programmatically:
If Page.User.IsInRole("President") Then
    'do something like
Else
    'Hide content fields.
    Message.Text = "You must be a president to view this page"
End If

But what of files such as .doc, .pdf, .xls and other files often used to
deliver substantive report content? Effectively, lower level users can bypass
your web application security by simply typing out the URL to the file in
question after logging in themselves.

Is there a way for the web.config to intercept such users and kick them back
to a login or other page?

I know that individual users, roles, can be specified in the web.config
"allow", "deny" statements but the accounts these statements reference are
either Local machine or Domain (active directory) accounts not married to the
web application.

Thanks for any help. If someone can direct me to an article on this topic
as well I would appreciate it.
Jul 22 '05 #1
http://www.aspfaq.com/5002

Ray at work

"win2kcowboy" <wi*********@discussions.microsoft.com> wrote in message
news:55*********************************@microsoft.com...
Using VS2003, ASP.NET 1.1

Jul 22 '05 #2
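
One way to close the direct-URL gap described in the question, as an added example that is not part of the original thread: keep the attachments outside the web root and serve them through an ASP.NET 1.1 HTTP handler that applies the same `IsInRole` check the ASPX pages use. The handler name, the `folder` and `file` query parameters, the `AttachmentRoot` appSettings key and the folder-to-role mapping are all hypothetical, and the code assumes the application already attaches its database roles to the forms-authenticated principal (for example a `GenericPrincipal` set in `Application_AuthenticateRequest`).

```vb
' Download.ashx code-behind (added example, VB.NET 2003 syntax; names are hypothetical).
Imports System.Configuration
Imports System.IO
Imports System.Web

Public Class AttachmentHandler
    Implements IHttpHandler

    ' Hypothetical mapping: attachment subfolder -> role required to read it.
    Private Shared Function RoleFor(ByVal folder As String) As String
        Select Case folder
            Case "members" : Return "Member"
            Case "leaders" : Return "Leader"
            Case "board" : Return "President"
        End Select
        Return Nothing
    End Function

    Public Sub ProcessRequest(ByVal context As HttpContext) _
        Implements IHttpHandler.ProcessRequest
        Dim folder As String = context.Request.QueryString("folder")
        Dim name As String = context.Request.QueryString("file")
        Dim role As String = RoleFor(folder)
        If role Is Nothing OrElse name Is Nothing Then
            context.Response.StatusCode = 404
            Return
        End If
        ' The per-role check that a directly requested .pdf/.doc/.xls never receives.
        If Not context.User.IsInRole(role) Then
            context.Response.StatusCode = 403
            Return
        End If
        ' GetFileName drops any directory part, so "..\" cannot escape the folder.
        Dim root As String = ConfigurationSettings.AppSettings("AttachmentRoot")
        Dim fullPath As String = Path.Combine(Path.Combine(root, folder), Path.GetFileName(name))
        If Not File.Exists(fullPath) Then
            context.Response.StatusCode = 404
            Return
        End If
        context.Response.ContentType = "application/octet-stream"
        context.Response.AddHeader("Content-Disposition", "attachment; filename=" & Path.GetFileName(fullPath))
        context.Response.WriteFile(fullPath)
    End Sub
    Public ReadOnly Property IsReusable() As Boolean Implements IHttpHandler.IsReusable
        Get
            Return True
        End Get
    End Property
End Class
```

Because the files live under `AttachmentRoot` rather than in a browsable directory, there is no attachment URL for a lower-level user to type; every download passes through the role check.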
