473,408 Members | 2,441 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > securing xml file in an asp.net web app folder.

Join Bytes to post your question to a community of 473,408 software developers and data experts.

Securing XML file in an ASP.NET web app folder.

TK
Hi,

I have an ASP.NET web application and almost everything is working fine
excepting failing to make an XML file be secure. There is an XML file which
includes meta-data for both of server-side .NET application and client-side
javascript application. And the meta-data in the XML file shoud be hidden
for unauthenticated clients.

I know ASP.NET doesn't care for .xml files in default setting, so I added a
file extention-application mapping as ".xml" to
"C:\Winnt\Microsoft.NET\Framework\v1.1.4322\aspnet _isapi.dll" for all verbs.
Yes, it works for client-side script. I succeeded to hide such meta-data
from unauthenticated users. But server side, now I have a problem not only
for unauthenticated users but also authenticated users.

I have a server-side code such as following.

XmlDocument doc = new XmlDocument();
doc.Load("http://......../metadata.xml");
Now the 2nd line always throw an XML exception as "This is an unexpected
token, The expected token is 'QUOTE'. line 2 position 64"
Ofcourse, the XML file has correct tag structure, and everything was OK
until I added an application mapping for ".xml" files in IIS admin tool.

What's happen here?
Does anyone have experienced something like this? or any idea?

best regards,
TK

Nov 18 '05 #1
1 1640

"TK" <tk****@nospam.emotionalbits.com> wrote in message news:%2****************@TK2MSFTNGP10.phx.gbl...
Hi,

I have an ASP.NET web application and almost everything is working fine
excepting failing to make an XML file be secure. There is an XML file which
includes meta-data for both of server-side .NET application and client-side
javascript application. And the meta-data in the XML file shoud be hidden
for unauthenticated clients.

I know ASP.NET doesn't care for .xml files in default setting, so I added a
file extention-application mapping as ".xml" to
"C:\Winnt\Microsoft.NET\Framework\v1.1.4322\aspnet _isapi.dll" for all verbs.
Yes, it works for client-side script. I succeeded to hide such meta-data
from unauthenticated users. But server side, now I have a problem not only
for unauthenticated users but also authenticated users.

I have a server-side code such as following.

XmlDocument doc = new XmlDocument();
doc.Load("http://......../metadata.xml");
Now the 2nd line always throw an XML exception as "This is an unexpected
token, The expected token is 'QUOTE'. line 2 position 64"
Ofcourse, the XML file has correct tag structure, and everything was OK
until I added an application mapping for ".xml" files in IIS admin tool.

What's happen here?
Does anyone have experienced something like this? or any idea?

best regards,
TK


Not quite sure this will cure your problem, but you don't *need* to
specify that xml file by url, you can also use the abolute local path
(use MapPath and a relative path to get that absolute path)

Hans Kesting
Nov 18 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
securing host username password
by: j-marvin | last post by:
hi- i am going through the process of password protecting a directory using ..htaccess and .htpasswd i am experiencing difficulty. so my question is without making life anymore difficult is...
PHP
12
Securing Web Database
by: Prabhat | last post by:
Hi All, I have a website setup which has MS-Access DB. The web pages are in ASP and uses ADO to connect to DB. The DB is located in the Folder "/Database". I have the Connection string setup in...
ASP / Active Server Pages
7
Securing a split database without user level security
by: Andy | last post by:
Hi ! I split a simple Access2K database ( shared on network )and placed the files thusly : x:\app\frontend.mdb x:\app\back\backend.mdb Problem : I once read an article that laid out a...
Microsoft Access / VBA
7
Securing A Folder On A Server
by: Tom | last post by:
Can anyone give me any advice on how to secure a folder on a network server so that documents in the folder can only be opened through an Access database or by the database admin. I need to store...
Microsoft Access / VBA
11
Securing hashing algorithm
by: Wm. Scott Miller | last post by:
Hello all! We are building applications here and have hashing algorithms to secure secrets (e.g passwords) by producing one way hashes. Now, I've read alot and I've followed most of the advice...
C# / C Sharp
2
Securing a folder from public access
by: Ian B | last post by:
This is a basic question for anyone who knows what they're doing with web server admin so hopefully someone will be able to assist me here!... I have a www based asp.net application which allows...
ASP.NET
9
Securing Code On My Laptop
by: Brian Russell | last post by:
I develop Web applications locally on my Windows XP (SP1) laptop using Visual Studio. My company is concerned about security, especially if the laptop is compromised, so I should either encrypt...
ASP.NET
2
Securing HTML pages using asp.net
by: Vaibhav Shah | last post by:
Hi, Can we secure HTML pages on a web site using asp.net? We have a requirement in which we want to display a login page before a visitor can view any HTML page on our website. WE have...
ASP.NET
0
Securing the Web Folder
by: arizal | last post by:
Hi, I have a folder in a server where all my php files reside. I mean the whole content of the web site is in that folder. So the problem is that if someone knows the filename of any php file, they...
PHP
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!