Authentication for documents

Hi,

I have an application where I want to store reports (.pdf, .doc) in a
reports subdirectory. Within the reports subdirectory, I am creating other
subdirectories (with a job number) where I store the reports for a job. I
can access the reports fine through my application.

However, if I save the link to a report, I can open it without logging into
the application, which would be a security issue.

How can I get forms authentication to protect these reports from anonymous
access?

The web.config file protects any access to the .aspx files in the root
directory, and there are no extra web.config files in the subdirectories, so
I don't see why the subdirectories aren't protected also.

Thanks for your help.
Dec 20 '05 #1
Forms auth only protects access to .aspx files, not .doc, .pdf, .html etc.
files. These might help:

http://www.wwwcoder.com/main/Default...5&parentid=177 (See File Storage methods)

http://aspnet.4guysfromrolla.com/articles/020404-1.aspx

http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/ (See Caveat..)
"Gerhard" wrote:
Hi,

I have an application where I want to store reports (.pdf, .doc) in a
reports subdirectory. Within the reports subdirectory, I am creating other
subdirectories (with a job number) where I store the reports for a job. I
can access the reports fine through my application.

However, if I save the link to a report, I can open it without logging into
the application, which would be a security issue.

How can I get forms authentication to protect these reports from anonymous
access?

The web.config file protects any access to the .aspx files in the root
directory, and there are no extra web.config files in the subdirectories, so
I don't see why the subdirectories aren't protected also.

Thanks for your help.

Dec 20 '05 #2
You can also enter IIS mappings to tell it that asp.net will handle
these certain file types. Beware, though. Certain file types like PDF
may have "issues" with this, so be sure to test afterwards.

Do a search for specific examples.

Dec 20 '05 #3
If you don't want to change the default settings of IIS to map .pdf and .doc
extensions to ASP.NET, you should probably create a dynamic page (.aspx) or,
better, an HTTP Handler (.ashx or .axd)
which can return the document with a Response.BinaryWrite method.

--
Daniel TIZON
MCP - MCSD.NET - MCT
- Save your documents in a directory not directly accessible with HTTP/IIS
- Create an HTTPHandler whose extension is .axd or .ashx (these extensions
are known to IIS)

Dec 20 '05 #4
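
The handler approach from the last reply, as an added example that is not code from any poster in this thread: reports are kept outside the web root and streamed by an .ashx handler only after the forms-authentication identity and the requested path have been checked. The storage path, the `job` and `file` query parameters, and the `job-<number>` role convention are assumptions made for illustration.

```csharp
// Report.ashx. The .ashx file itself begins with the directive:
//   <%@ WebHandler Language="C#" Class="ReportHandler" %>
using System;
using System.IO;
using System.Text.RegularExpressions;
using System.Web;

public class ReportHandler : IHttpHandler
{
    // Assumption: a folder outside every IIS site and virtual directory.
    private const string ReportRoot = @"D:\AppData\Reports";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // .ashx requests pass through ASP.NET, so forms authentication applies;
        // this check is a second line behind <authorization> in web.config.
        if (context.User == null || !context.User.Identity.IsAuthenticated)
        {
            context.Response.StatusCode = 401;
            return;
        }
        string job = context.Request.QueryString["job"] ?? "";
        string file = context.Request.QueryString["file"] ?? "";

        // Digits-only job number, bare file name, allow-listed extension.
        bool wellFormed = Regex.IsMatch(job, @"^[0-9]{1,10}\z")
            && file.Length > 0
            && file.IndexOfAny(Path.GetInvalidFileNameChars()) < 0;
        string ext = wellFormed ? Path.GetExtension(file).ToLowerInvariant() : "";
        if (ext != ".pdf" && ext != ".doc") { context.Response.StatusCode = 404; return; }
        // Assumed convention: role "job-<number>" grants access to that job.
        if (!context.User.IsInRole("job-" + job)) { context.Response.StatusCode = 403; return; }

        // Resolve the path and confirm it is still under the report root.
        string root = Path.GetFullPath(ReportRoot) + Path.DirectorySeparatorChar;
        string path = Path.GetFullPath(Path.Combine(Path.Combine(root, job), file));
        if (!path.StartsWith(root, StringComparison.OrdinalIgnoreCase) || !File.Exists(path))
        {
            context.Response.StatusCode = 404;
            return;
        }
        context.Response.ContentType = ext == ".pdf" ? "application/pdf" : "application/msword";
        context.Response.AddHeader("Content-Disposition", "attachment; filename=\"" + file + "\"");
        context.Response.Cache.SetCacheability(HttpCacheability.Private);
        context.Response.BinaryWrite(File.ReadAllBytes(path));
    }
}
```

Links inside the application then point at `Report.ashx?job=...&file=...` instead of the file itself, so a saved link leads back to the login page for an anonymous visitor.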
