Hello,
I'm working on a portal based on IBuySpy, where the main page is
desktopdefault.aspx and all content is stored in www.domain.com/content/html/nnn
or www.domain.com/content/images/nnn
and injected in the desktopdefault.aspx page.
How can I prevent users doing www.domain.com/content/images/test.jpg
and getting the image (or the html file, or whatever inside the
content directory?)
It doesn't matter if the user is authenticated or not, I just want
obly the webapplication to be able to load and display the files
inside the /content directory.
Can I do this just manipulating the web.config, without changing
directory permissions on the webserver?
Thanks! 9 3411
You can move the directory outside of the web application's directory.
-Brock
DevelopMentor http://staff.develop.com/ballen Hello, I'm working on a portal based on IBuySpy, where the main page is desktopdefault.aspx and all content is stored in www.domain.com/content/html/nnn or www.domain.com/content/images/nnn and injected in the desktopdefault.aspx page. How can I prevent users doing www.domain.com/content/images/test.jpg and getting the image (or the html file, or whatever inside the content directory?) It doesn't matter if the user is authenticated or not, I just want obly the webapplication to be able to load and display the files inside the /content directory. Can I do this just manipulating the web.config, without changing directory permissions on the webserver?
Thanks!
Good suggestion, but is there a way to control access to that
directory with the web.config?
Thanks. You can move the directory outside of the web application's directory.
-Brock DevelopMentor http://staff.develop.com/ballen Hello, I'm working on a portal based on IBuySpy, where the main page is desktopdefault.aspx and all content is stored in www.domain.com/content/html/nnn or www.domain.com/content/images/nnn and injected in the desktopdefault.aspx page. How can I prevent users doing www.domain.com/content/images/test.jpg and getting the image (or the html file, or whatever inside the content directory?) It doesn't matter if the user is authenticated or not, I just want obly the webapplication to be able to load and display the files inside the /content directory. Can I do this just manipulating the web.config, without changing directory permissions on the webserver?
Thanks!
web.config :
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<allow users="ASPNET's account name"/>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
Juan T. Llibre
ASP.NET MVP http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
======================
"Matt" <no**@none.com> wrote in message news:e2********************************@4ax.com... Good suggestion, but is there a way to control access to that directory with the web.config?
Thanks.
You can move the directory outside of the web application's directory.
-Brock DevelopMentor http://staff.develop.com/ballen Hello, I'm working on a portal based on IBuySpy, where the main page is desktopdefault.aspx and all content is stored in www.domain.com/content/html/nnn or www.domain.com/content/images/nnn and injected in the desktopdefault.aspx page. How can I prevent users doing www.domain.com/content/images/test.jpg and getting the image (or the html file, or whatever inside the content directory?) It doesn't matter if the user is authenticated or not, I just want obly the webapplication to be able to load and display the files inside the /content directory. Can I do this just manipulating the web.config, without changing directory permissions on the webserver?
Thanks!
There's a step-by-step tutorial at : http://www.dotnetcoders.com/web/Arti...px?article=186
Juan T. Llibre
ASP.NET MVP http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
======================
"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:ej**************@tk2msftngp13.phx.gbl... web.config :
<?xml version="1.0" encoding="utf-8" ?> <configuration>
<system.web> <authorization> <allow users="ASPNET's account name"/> <deny users="*"/> </authorization>
</system.web> </configuration>
Juan T. Llibre ASP.NET MVP http://asp.net.do/foros/ Foros de ASP.NET en Español Ven, y hablemos de ASP.NET... ======================
"Matt" <no**@none.com> wrote in message news:e2********************************@4ax.com... Good suggestion, but is there a way to control access to that directory with the web.config?
Thanks.
You can move the directory outside of the web application's directory.
-Brock DevelopMentor http://staff.develop.com/ballen Hello, I'm working on a portal based on IBuySpy, where the main page is desktopdefault.aspx and all content is stored in www.domain.com/content/html/nnn or www.domain.com/content/images/nnn and injected in the desktopdefault.aspx page. How can I prevent users doing www.domain.com/content/images/test.jpg and getting the image (or the html file, or whatever inside the content directory?) It doesn't matter if the user is authenticated or not, I just want obly the webapplication to be able to load and display the files inside the /content directory. Can I do this just manipulating the web.config, without changing directory permissions on the webserver?
Thanks!
I tried, but nothing changes, the user can still do something like www.domain.com/content/html/test.htm
and see the content.
On Wed, 27 Apr 2005 06:15:05 -0400, "Juan T. Llibre"
<no***********@nowhere.com> wrote: <allow users="ASPNET's account name"/> <deny users="*"/>
> Good suggestion, but is there a way to control access to that directory with the web.config?
Not if IIS is serving up the files, as the request never makes it to ASP.NET.
-Brock
DevelopMentor http://staff.develop.com/ballen
I think that adding the specific file types to the files managed
by ASP.NET will turn the trick if you implement forms-based
authentication to the directory.
Juan T. Llibre
ASP.NET MVP http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
======================
"Brock Allen" <ba****@NOSPAMdevelop.com> wrote in message
news:56**********************@msnews.microsoft.com ... Good suggestion, but is there a way to control access to that directory with the web.config?
Not if IIS is serving up the files, as the request never makes it to ASP.NET.
-Brock DevelopMentor http://staff.develop.com/ballen
> I think that adding the specific file types to the files managed by ASP.NET will turn the trick if you implement forms-based authentication to the directory.
Yep, that will work.
-Brock
DevelopMentor http://staff.develop.com/ballen This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: spike |
last post by:
I tried to upload a .htaccess-file to the directory that i wanted to
protect.
This is what I wrote in it:
------------------------------------------------
<Limit GET>
order deny,allow
deny from...
|
by: Dave Kolb |
last post by:
Is there any other solution for an ASPNET application to access
network resources other than running as SYSTEM, using delegation (a
nightmare to get to work) or the COM+ solution? I cannot seem to...
|
by: Gene |
last post by:
What are some ways I can deny access to an aspx page other than removing it
altogether from the site? I need the ability to temporarily prevent all
users from accessing certain pages.
Thanks.
|
by: david |
last post by:
Hi,
I have a asp.net site running on an MS Access database this is, for better
or worse, stored under the webroot.
How can I lockout the database directory to prevent anyone from...
|
by: Dan |
last post by:
hi ng.
i have a strange behaviour when i want to control who can access a web
application by setting web.config like:
<authorization>
<allow users="DOMAIN\ACCOUNT,..." />
<deny users="*" />
...
|
by: ABC |
last post by:
I want to check the user roles for allow/deny access each pages. I know it
is possible to add check code on each page. But is very spent time. Is
there any configuration (web config) parameters...
|
by: profdotnet |
last post by:
Below is the code of web.config file:
<configuration>
<system.web>
<authentication mode="Forms" />
<authorization>
<allow users="Admin"/>
<deny users="Jack,Mary" />
<deny users="?">...
|
by: Tim::.. |
last post by:
Hi can someone please tell me why this web.config file doesn't deny access to
all for the folder it is in???
I have the web.config file in a folder called contents but for some reason I
can...
|
by: Douglas J. Badin |
last post by:
Hi,
The problem with Authorization is it stops at the first match and doesn't
permit Grouping.
On the Web Site, I am trying to Secure Page Access and SiteNaviagation by
implementing the...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |