Control Access To File Types In asp.net

I have a web app that uses forms authentication. The app also has a
downloads section, and I need to be able to use <location> tags to
control access to the downloadable files there (preferably by directory
instead of individual file.)

I understand that this behavior does not occur by default because IIS
only maps certain file types (i.e. "*.aspx") to asp.net by
default. In other words, any user can download files that are within
the application's protected <location> tags simply by typing the
filename's URL directly into the browser window. The request never
makes it to the asp.net application, because IIS does not have those file
types mapped to asp.net.

After reading a couple of posts about this problem, I thought I could
fix it by creating IIS mappings for asp.net for the different file
types. And so I did this...I created IIS mappings for asp.net for
"*.exe", "*.pdf", "*.zip" and a few others.

It all seemed to work well at first, but...users began having problems
when downloading certain files. For example, the Acrobat Reader plugin
for IE and Firefox went haywire and quit working...it would just open a
blank white window! Similar problems were experienced when trying to
download zip files.

And so, I finally figured out that the mappings I had entered were
causing the problems, and I removed them. After that, of course,
everything started working normally again.

Now, the question...This approach is obviously not the best way to
control access to the files. Who knows a better way to do this?

Nov 19 '05 #1
Joey,

Here are two thoughts.

1) Save the file to a SQL Database (or Access) then retrieve and deliver the
file only to authorized users:
http://aspalliance.com/articleViewer.aspx?aId=138&pId (This link shows
how to save an image to SQL. Saving a file would be similar.)

http://aspalliance.com/articleViewer.aspx?aId=140 (This link shows how
to retrieve an image from SQL. Again a file would be similar.)

2) Another option would be to change the file extensions on each file to
.aspx extensions that would map to IIS normally, thus locking users out. Then
you could use a separate page to read the file into a stream reader and
deliver it to the user. That would be done similarly to what this article
shows and in fact, this article deals with exactly what you need so you may
just follow its instructions...

http://www.codeproject.com/aspnet/Se...leDownload.asp

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche

Nov 19 '05 #2
Store the files outside the WWW path. Then use a GetFile.aspx page to check
their credentials and retrieve the file and stream it to them.
This allows you the ultimate in file access control without instituting
Windows security.

--
Curt Christianson
site: http://www.darkfalz.com
blog: http://blog.darkfalz.com

Nov 19 '05 #3
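
A sketch of the GetFile.aspx approach suggested in the replies above (files kept outside the web path, streamed by a page that forms authentication already protects). This is an added example, not code from any poster in the thread; the class name, the `DownloadRoot` folder and the `file` query parameter are assumptions.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.Security;

// Code-behind for a hypothetical GetFile.aspx (added example, not from the thread).
public partial class GetFile : System.Web.UI.Page
{
    // Assumed folder outside the web root, so IIS can never serve it directly.
    private const string DownloadRoot = @"D:\ProtectedDownloads\";

    protected void Page_Load(object sender, EventArgs e)
    {
        // .aspx is mapped to ASP.NET, so forms authentication applies to this request.
        if (!Request.IsAuthenticated)
        {
            FormsAuthentication.RedirectToLoginPage();
            return;
        }

        // "file" is an assumed parameter name; it may include a subfolder.
        string fullPath = ResolveInsideRoot(DownloadRoot, Request.QueryString["file"]);
        if (fullPath == null || !File.Exists(fullPath))
            throw new HttpException(404, "File not found.");

        Response.Clear();
        // Always send as a download; never let the browser guess a renderable type.
        Response.ContentType = "application/octet-stream";
        Response.AddHeader("Content-Disposition",
            "attachment; filename=\"" + Path.GetFileName(fullPath) + "\"");
        Response.AddHeader("X-Content-Type-Options", "nosniff");
        Response.TransmitFile(fullPath);
        Response.End();
    }

    // Returns the canonical path only if it stays under root; otherwise null.
    // Rejects "..\" sequences, absolute paths and malformed names.
    internal static string ResolveInsideRoot(string root, string relative)
    {
        if (string.IsNullOrEmpty(relative)) return null;
        string rootFull = Path.GetFullPath(root);
        if (!rootFull.EndsWith(Path.DirectorySeparatorChar.ToString()))
            rootFull += Path.DirectorySeparatorChar;
        try
        {
            string candidate = Path.GetFullPath(Path.Combine(rootFull, relative));
            return candidate.StartsWith(rootFull, StringComparison.OrdinalIgnoreCase)
                ? candidate : null;
        }
        catch (Exception) { return null; } // invalid characters, path too long, etc.
    }
}
```

Per-directory rules can then be layered on by checking `User.IsInRole(...)` against the subfolder in the resolved path before calling `TransmitFile`.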
