473,320 Members | 1,946 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Authorization

I have a single web page and associated PDF that I need to protect within a
larger web site. What is the easiest way to do that. Go gain access, users
will go to a page and enter a password. This is for a promotion that we are
doing and I don't need to assign or track usernames. Everyone uses the same
password that is supplied via a usps mailing.

I can place the page and PDF in a sub directory if that helps.

-Andrew
Nov 19 '05 #1
2 1909
Hi Andrew,

Welcome to ASPNET newsgroup.
From your description, you have a certain pdf file which need to be exposed
to client users through asp.net web page. And you also need to protect the
pdf file from being accessed by unauthenticated users, yes?

If so, I think we can just put the user login UI on the web page so let the
user input username password and in the submit button's postback event, do
the user validation. If the user is a valid user, we just retrieve the PDF
file's binary stream and write it out to the page's response stream.

We can store the PDF file on physical dir as a pdf file or in database.
Anyway, it's better not to put the file in web application's virtual dir so
as to prevent it be browsed by unexpected users. Here is a kb article
mentioned streaming out binary file (on disk) to asp.net page's resposne.

#How To Write Binary Files to the Browser Using ASP.NET and Visual C# .NET
http://support.microsoft.com/?id=306654

Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


--------------------
| From: "Andrew Robinson" <ne****@nospam.nospam>
| Subject: Authorization
| Date: Mon, 24 Oct 2005 14:06:32 -0700
| Lines: 11
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| Message-ID: <e0**************@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: 216.57.203.121
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:133569
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| I have a single web page and associated PDF that I need to protect within
a
| larger web site. What is the easiest way to do that. Go gain access,
users
| will go to a page and enter a password. This is for a promotion that we
are
| doing and I don't need to assign or track usernames. Everyone uses the
same
| password that is supplied via a usps mailing.
|
| I can place the page and PDF in a sub directory if that helps.
|
| -Andrew
|
|
|

Nov 19 '05 #2
Hi Andrew,

How are you doing on this issue, does the suggestions in my last reply
helps a little? If there're anything else we can help, please feel free to
post here. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| X-Tomcat-ID: 55613072
| References: <e0**************@TK2MSFTNGP09.phx.gbl>
| MIME-Version: 1.0
| Content-Type: text/plain
| Content-Transfer-Encoding: 7bit
| From: st*****@online.microsoft.com (Steven Cheng[MSFT])
| Organization: Microsoft
| Date: Tue, 25 Oct 2005 03:02:43 GMT
| Subject: RE: Authorization
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| Message-ID: <2q**************@TK2MSFTNGXA01.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| Lines: 60
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:133627
| NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
|
| Hi Andrew,
|
| Welcome to ASPNET newsgroup.
| From your description, you have a certain pdf file which need to be
exposed
| to client users through asp.net web page. And you also need to protect
the
| pdf file from being accessed by unauthenticated users, yes?
|
| If so, I think we can just put the user login UI on the web page so let
the
| user input username password and in the submit button's postback event,
do
| the user validation. If the user is a valid user, we just retrieve the
PDF
| file's binary stream and write it out to the page's response stream.
|
| We can store the PDF file on physical dir as a pdf file or in database.
| Anyway, it's better not to put the file in web application's virtual dir
so
| as to prevent it be browsed by unexpected users. Here is a kb article
| mentioned streaming out binary file (on disk) to asp.net page's resposne.
|
| #How To Write Binary Files to the Browser Using ASP.NET and Visual C# .NET
| http://support.microsoft.com/?id=306654
|
| Hope helps. Thanks,
|
| Steven Cheng
| Microsoft Online Support
|
| Get Secure! www.microsoft.com/security
| (This posting is provided "AS IS", with no warranties, and confers no
| rights.)
|
|
|
|
| --------------------
| | From: "Andrew Robinson" <ne****@nospam.nospam>
| | Subject: Authorization
| | Date: Mon, 24 Oct 2005 14:06:32 -0700
| | Lines: 11
| | X-Priority: 3
| | X-MSMail-Priority: Normal
| | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| | X-RFC2646: Format=Flowed; Original
| | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| | Message-ID: <e0**************@TK2MSFTNGP09.phx.gbl>
| | Newsgroups: microsoft.public.dotnet.framework.aspnet
| | NNTP-Posting-Host: 216.57.203.121
| | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| | Xref: TK2MSFTNGXA01.phx.gbl
| microsoft.public.dotnet.framework.aspnet:133569
| | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| |
| | I have a single web page and associated PDF that I need to protect
within
| a
| | larger web site. What is the easiest way to do that. Go gain access,
| users
| | will go to a page and enter a password. This is for a promotion that we
| are
| | doing and I don't need to assign or track usernames. Everyone uses the
| same
| | password that is supplied via a usps mailing.
| |
| | I can place the page and PDF in a sub directory if that helps.
| |
| | -Andrew
| |
| |
| |
|
|

Nov 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: phreeskier | last post by:
i want to implement authorization with windows authentication and don't have the slightest clue of how to do this implementation. the basic windows authentication for this .NET application is...
1
by: Chris Leffer | last post by:
Hi. I would like to confirm a behaviour in the authorization element from the web.config file. Suppose the following (using Forms authentication): <authorization> <deny users="?" /> <deny...
3
by: nick | last post by:
Hi, How should I write the web.config file to allow some of the aspx files be executable to all users and others are required users to login? All the aspx files are in the same folder.
9
by: Bijoy Naick | last post by:
I've implemented forms authentication and authorization on my application. In my Web.Config, my authorization section looks like this.. <authorization> <allow roles="admin" /> <deny users="*"...
1
by: Shapper | last post by:
Hello, In my web site I need to restrict the access to page1.aspx, page2.aspx and page3.aspx to users which had login and which access level is "administrator". The remaining pages can be...
4
by: Johnnie Norsworthy | last post by:
ASP.NET 2.0 How do I configure my web site to require forms authorization only for a subfolder off the root? I know how to set Web.config for forms authentication for the whole site, but I need...
2
by: Water Cooler v2 | last post by:
Is the authorization tag/class in web.config\<system.web> available only for Windows authorization? Does it make sense for Forms based authentication?
1
by: sonu | last post by:
Mark is creating a website using ASP.NET. He is using Forms authentication for authenticating and authorizing users. He has the following layout of files and directories in his website: Root...
14
by: tshad | last post by:
I am trying to set up an intranet at work that will use our Active directory to authorize our users. We also want them to access the site from the outside (such as at home) and also be...
4
by: xke | last post by:
Using web.config authorization settings, is it possible to allow my users to access default.aspx but not default.aspx?action=edit ?? <location path="default.aspx"> <system.web> <authorization>...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.