Hi all, We are trying to make an ISAPI Filter, in .NET by implementing the
IHttpModule interface, that will authorize the request for certain binary
file types (GET), this is working fine. But we also want it to authorize the
upload of binary files (PUT), The problem with the PUT-scenario is that the
file is *not* uploaded when its extension *is* mapped up in IIS, by mapped
up I mean the Application Mappings displayed when clicking on the
configuration button on the property page for the [virtual folder]/[web
application] in question. We have tried this both with and without our
assembly running in the upload directory, the same happens either way, the
file is uploaded as long as its extension is *not* mapped up in IIS, when I
map up the extension I am no longer able upload files with that extension.
By running these tests we have verified that our code is not the black sheep
in the current scenario. So what I want to know is, could this be a bug? Or
is this a security concern and what I am trying to do is not allowed?
Regards,
Kenneth Myhra 2 1627
"Kenneth Myhra" <ke**********@hotmail.com> wrote in message
news:e6**************@TK2MSFTNGP12.phx.gbl... Hi all, We are trying to make an ISAPI Filter, in .NET by implementing the IHttpModule interface, that will authorize the request for certain binary file types (GET), this is working fine. But we also want it to authorize
the upload of binary files (PUT), The problem with the PUT-scenario is that
the file is *not* uploaded when its extension *is* mapped up in IIS, by mapped up I mean the Application Mappings displayed when clicking on the configuration button on the property page for the [virtual folder]/[web application] in question. We have tried this both with and without our assembly running in the upload directory, the same happens either way, the file is uploaded as long as its extension is *not* mapped up in IIS, when
I map up the extension I am no longer able upload files with that extension. By running these tests we have verified that our code is not the black
sheep in the current scenario. So what I want to know is, could this be a bug?
Or is this a security concern and what I am trying to do is not allowed?
Regards, Kenneth Myhra
I have never used HTTP PUT, but I guess the reasoning is this:
when a file with a mapped extension (say "aspx") is uploaded and
stored, how should IIS know how to treat this file upon request?
As it has an aspx extension, it should be handled by the asp.net
subsystem, rather than just upload the contents.
So, even if you could disable security so upload is possible,
then you might not get the expected contents when you try to
retrieve it!
Maybe you could have an upload directory where no mappings
at all are defined?
Hans Kesting
Hi Hans thanks for your reply! I am not trying to upload .aspx files, which
I see now is not either possible when the mapping is in place, but .doc,
..zip and other binary files. I have manually set the mapping to these files
because I want to be able to authorize the put request by using an
IHttpModule instead of using a C++ ISAPI filter so the option of having an
upload directory where there are no mappings is not acceptable in the
current scenario, because I want the asp.net subsystem to handle the request
and initalize my IHttpModule so that I can authorize the request based on
session data. How would I go about to disable security for PUT requests, if
it is possible?
Regards,
Kenneth Myhra
"Hans Kesting" <ne***********@spamgourmet.com> wrote in message
news:OF**************@TK2MSFTNGP11.phx.gbl... "Kenneth Myhra" <ke**********@hotmail.com> wrote in message news:e6**************@TK2MSFTNGP12.phx.gbl... Hi all, We are trying to make an ISAPI Filter, in .NET by implementing
the IHttpModule interface, that will authorize the request for certain
binary file types (GET), this is working fine. But we also want it to authorize the upload of binary files (PUT), The problem with the PUT-scenario is that the file is *not* uploaded when its extension *is* mapped up in IIS, by
mapped up I mean the Application Mappings displayed when clicking on the configuration button on the property page for the [virtual folder]/[web application] in question. We have tried this both with and without our assembly running in the upload directory, the same happens either way,
the file is uploaded as long as its extension is *not* mapped up in IIS,
when I map up the extension I am no longer able upload files with that
extension. By running these tests we have verified that our code is not the black sheep in the current scenario. So what I want to know is, could this be a bug? Or is this a security concern and what I am trying to do is not allowed?
Regards, Kenneth Myhra
I have never used HTTP PUT, but I guess the reasoning is this: when a file with a mapped extension (say "aspx") is uploaded and stored, how should IIS know how to treat this file upon request? As it has an aspx extension, it should be handled by the asp.net subsystem, rather than just upload the contents. So, even if you could disable security so upload is possible, then you might not get the expected contents when you try to retrieve it! Maybe you could have an upload directory where no mappings at all are defined?
Hans Kesting
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Philippe Lemmerling |
last post by:
I have a question concerning security of my file upload script. I'm using
the php upload routines (move_uploaded_file,...) and variables ($_FILES) to
upload images to a webdirectory. Everything...
|
by: dave |
last post by:
Hello there,
I am at my wit's end ! I have used the following script succesfully to
upload an image to my web space. But what I really want to be able to do is
to update an existing record in a...
|
by: Olaf Baeyens |
last post by:
The security related stuff of the .NET is a little bit too hard to learn for
newcomers.
So what would be nice is to have a small wizard like program that asks
questions about what security you...
|
by: Pavils Jurjans |
last post by:
Hello,
I have the following setup:
The page that contains the form with file upolad HTML control resides on
another server that doesn't have ASP.NET available. It may well be just
static...
|
by: UJ |
last post by:
I have a spot where I allow a user to upload a file to the server. The files
are media files so they can be large (25MB). Problem is that while it's
uploading, the screen just sits there (yes...
|
by: hansBKK |
last post by:
Upfront disclaimer - I am a relative newbie, just starting out learning
about PHP, mostly by researching, installing and playing with different
scripts. I am looking for a host that will provide...
|
by: jhardman |
last post by:
Have you ever wanted to upload files through a form and thought, "I'd really like to use ASP, it surely has that capability, but the tutorial I used to learn ASP didn't mention how to do this."? ...
|
by: william.hooper |
last post by:
here is my form:
<html>
<head></head>
<body>
<FORM ACTION="code.php" method="post">
<INPUT TYPE=SUBMIT NAME="arty.jpg" VALUE="Action">
</FORM>
|
by: poojamangal |
last post by:
I want to upload images or pdf files. but i m unable to do so. i got error. please help me to sort it out..
my code is:
<%
'on error resume next
Class FreeASPUpload
Public UploadedFiles...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
| |