Hi.
I have a folder that contains a lot of different documents. xls, .doc, .pdf
etc. Different users have access to different documents. The problem is
that if a user knows the name of a document then he can just write the path
into IE and get access to it anyway. Is it possible to prevent this?
Thanks,
Shawn
7  1467 
Shawn,
If it's required that people be able to download these (which I'm sure it
is), your best bet is to store them on the file system where they are
inaccessible directly. You can then use Response.Binary Write to stream
them down to the browser when legitimate.
Here's a small code sample that demonstrates a PDF file loaded both inline
and outside fo the browser.
Dim fs As New FileStream("c:\ directory\books .pdf"),
FileMode.OpenOr Create, FileAccess.Read )
Dim MyData(fs.Lengt h) As Byte
fs.Read(MyData, 0, fs.Length)
Response.Buffer = True
Response.Clear( )
Response.Conten tType = "applicatio n/pdf"
' Opens it outside browser
Response.AddHea der("content-disposition", "attachment ;
filename=books. pdf")
' Opens it inside browser
'Response.AddHe ader("content-disposition", "inline;
filename=books. pdf")
Response.Binary Write(MyData)
Response.End()
Hope that helps.
Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET ja******@online .microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- From: "Shawn" <bo********@hot mail.com>
Subject: Protecting documents
Date: Fri, 21 Nov 2003 13:20:58 +0100
Lines: 10
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <OH************ **@TK2MSFTNGP10 .phx.gbl>
Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
NNTP-Posting-Host: pc3.akermaritim e.no 193.161.152.243
Path:
cpmsftngxa07.ph x.gbl!cpmsftngx a10.phx.gbl!cpm sftngxa06.phx.g bl!TK2MSFTNGP08 .
phx.gbl!TK2MSFT NGP10.phx.gblXref: cpmsftngxa07.ph x.gbl microsoft.publi c.dotnet.framew ork.aspnet:1918 17
X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
Hi.
I have a folder that contains a lot of different documents. xls, .doc, .pdf
etc. Different users have access to different documents. The problem is
that if a user knows the name of a document then he can just write the path
into IE and get access to it anyway. Is it possible to prevent this?
Thanks,
Shawn
Shawn,
If you set the column to visible="false" you will still be able to access it
in the code-behind. If you need to access its value from the client, then
you are correct you can't set visible="false" .
If the latter is the case (you need to access the value from the client
code) you could try using <div> tags around it and setting it's visibility
with CSS.
--
Sincerely,
S. Justin Gengo, MCP
Web Developer / Programmer
Free code library at: www.aboutfortunate.com
"Out of chaos comes order."
Nietzche
"Shawn" <bo********@hot mail.com> wrote in message
news:OH******** ******@TK2MSFTN GP10.phx.gbl... Hi.
I have a folder that contains a lot of different documents. xls, .doc,
..pdf etc. Different users have access to different documents. The problem is
that if a user knows the name of a document then he can just write the
path into IE and get access to it anyway. Is it possible to prevent this?
Thanks,
Shawn
Shawn,
Sorry.
I was attempting to post to the message above yours.
--
Sincerely,
S. Justin Gengo, MCP
Web Developer / Programmer
Free code library at: www.aboutfortunate.com
"Out of chaos comes order."
Nietzche
"S. Justin Gengo" <sj*****@aboutf ortunate.com> wrote in message
news:eW******** *****@tk2msftng p13.phx.gbl... Shawn,
If you set the column to visible="false" you will still be able to access
it in the code-behind. If you need to access its value from the client, then
you are correct you can't set visible="false" .
If the latter is the case (you need to access the value from the client
code) you could try using <div> tags around it and setting it's visibility
with CSS.
--
Sincerely,
S. Justin Gengo, MCP
Web Developer / Programmer
Free code library at:
www.aboutfortunate.com
"Out of chaos comes order."
Nietzche
"Shawn" <bo********@hot mail.com> wrote in message
news:OH******** ******@TK2MSFTN GP10.phx.gbl... Hi.
I have a folder that contains a lot of different documents. xls, .doc,
.pdf etc. Different users have access to different documents. The problem
is that if a user knows the name of a document then he can just write the
path into IE and get access to it anyway. Is it possible to prevent this?
Thanks,
Shawn
Didn't quite understand what column visibility had to do with protecting
document folders :-)
"S. Justin Gengo" <sj*****@aboutf ortunate.com> wrote in message
news:%2******** ********@TK2MSF TNGP12.phx.gbl. ..
Shawn,
Sorry.
I was attempting to post to the message above yours.
--
Sincerely,
S. Justin Gengo, MCP
Web Developer / Programmer
Free code library at: www.aboutfortunate.com
"Out of chaos comes order."
Nietzche
"S. Justin Gengo" <sj*****@aboutf ortunate.com> wrote in message
news:eW******** *****@tk2msftng p13.phx.gbl... Shawn,
If you set the column to visible="false" you will still be able to access
it in the code-behind. If you need to access its value from the client, then
you are correct you can't set visible="false" .
If the latter is the case (you need to access the value from the client
code) you could try using <div> tags around it and setting it's visibility
with CSS.
--
Sincerely,
S. Justin Gengo, MCP
Web Developer / Programmer
Free code library at:
www.aboutfortunate.com
"Out of chaos comes order."
Nietzche
"Shawn" <bo********@hot mail.com> wrote in message
news:OH******** ******@TK2MSFTN GP10.phx.gbl... Hi.
I have a folder that contains a lot of different documents. xls, .doc,
.pdf etc. Different users have access to different documents. The problem
is that if a user knows the name of a document then he can just write the
path into IE and get access to it anyway. Is it possible to prevent this?
Thanks,
Shawn
Joao,
That will work as long as the file type you are requesting is mapped to the
aspnet_isapi.dl l. It's not recommended to map all of these file types to
ASP.NET.
Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET ja******@online .microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- From: "Joao S Cardoso [MVP]" <jj***@acinet.p t.n-o.s-p.a-m>
Subject: Re: Protecting documents
Date: Fri, 21 Nov 2003 16:26:46 +0000
Message-ID: <t2************ *************** *****@4ax.com>
References: <OH************ **@TK2MSFTNGP10 .phx.gbl>
X-Newsreader: Forte Agent 1.93/32.576 English (American)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
NNTP-Posting-Host: 213.13.118.94
Lines: 1
Path:
cpmsftngxa07.ph x.gbl!cpmsftngx a10.phx.gbl!TK2 MSFTNGXA05.phx. gbl!TK2MSFTNGP0 8
..phx.gbl!TK2MS FTNGP11.phx.gblXref: cpmsftngxa07.ph x.gbl microsoft.publi c.dotnet.framew ork.aspnet:1919 04
X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
You can do this 2 ways.
One, Jim's way.
The other is to srode diffrent file types in diffrent folders and then
configurediferent web.config files with the user's on each folder.
Joao Cardoso (MVP dotNET)
============== =============== =============== ===========
[LusoCoders]- http://groups.yahoo.com/group/lusocoders/
[PontoNetPT]- http://www.programando.net/regras.aspx
jj***@acinet.p t.n.o-s.p-a.m - www.acinet.pt
============== =============== =============== ===========
>Joao,
That will work as long as the file type you are requesting is mapped to the
aspnet_isapi.d ll. It's not recommended to map all of these file types to
ASP.NET.
Hi... ur right...
I just remember something... if he is using windows authentication perhaps is as
easy as changing the security settings for diffrent folders....
But still your way seems that will be the best for this scenario.
Joao Cardoso (MVP dotNET)
=============== =============== =============== ==========
[LusoCoders]- http://groups.yahoo.com/group/lusocoders/
[PontoNetPT]- http://www.programando.net/regras.aspx jj***@acinet.pt.n.o-s.p-a.m - www.acinet.pt
=============== =============== =============== ========== This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Yang Li Ke |
last post by:
Hi guys!
Anyone know a way so that users purchasing
my scripts would not be able to share them
with other people ?
Yang
|
by: StevePBurgess |
last post by:
I have a data driven website. Part of the website is a downloads
section - all the downloads are help in a folder called "downloads".
When a general user (i.e. one that doesn't have a log in) uses the site
and access the downloads page they are given a list of general
downloads. When a member who has logged in uses the site, the same page
presents the general downloads and the member only downloads.
This all works fine.
A slight hole...
|
by: nell |
last post by:
Hi all,
I've developed a testing application in python, and should supply it in
a way that no one (lets say they are regular users) will understand it
and edit it.
The application source is all python but we expose a UI written in C#
that go over all our code and expose to user functions (Indicated with
a special prefix).
So the problem on one hand is protecting the source and make it less
accessible ond on the other hand to make it...
|
by: Roland Hall |
last post by:
I read Aaron's article: http://www.aspfaq.com/show.asp?id=2276 re:
protecting images from linked to by other sites. There is a link at the
bottom of that page that references an interesting article about ways of
protecting your images from being downloaded. It was my understanding that
if the client sees it, then it's in the client cache. Am I wrong in this
belief or not?
I took the information in the article and created the .asp that...
|
by: darrel |
last post by:
I have a section of our site that I'm putting behind a password.
The template checks to see if a cookie was set, if not, it sends you to the
login page, where you enter in the pwd, and it sets the cookie allowing you
to then see the template page.
The template page sets a variable that each of the included content pages
then check for before loading.
So, as it's set up, you can not access the main template page nor any of the
| | |
by: Roman Werpachowski |
last post by:
In a recent thread http://tinyurl.com/8n7fe I asked about preventing
the user from deleting the object pointed to by a pointer/reference.
Now I would like to ask about a different aspect of this thing: it this
protection worth it? It is fairly obvious that deleting an object you
will need in the future is wrong. So is it worth to bother with
protecting it against deletion?
|
by: nitinpatel1117 |
last post by:
Hi all,
I have a question regarding the protection of software that has been built inhouse.
Basically, i've built an inhouse CMS using PHP, all web builds that were done for our clients were done by us through our CMS and hosted on our own servers.
Now the problem is that one of our clients now wants to host their Website themselves, which means that we have to also pass them our CMS, which is the backbone of the website. The main...
|
by: Porkie999 |
last post by:
-----------------------------------------------------------------------QUESTION
hi i am really stuck with this and its only a small problem.
i want to be able to type .........
dsfsjfjsjjfs in User Box
fjdjskfjds in password box
www.thescripts.com in website box
then i want to have a button which says "save" which then saves the 3 above pieces of text into a notepad file.
So like I said I want to be able to type a login, password and...
|
by: Andy B |
last post by:
Is there a way that is already built into .net 3.5 that will let me protect
an object from being modified when the object is public?
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
