
restricting non-ASP.NET content

13 New Member
Hi.

I'm restricting access to my webpage with forms authentication, but I have some .htm files that I want to restrict as well (by default, ASP.NET does not restrict this, so anyone with access to the URL could open them).

I've run across a number of solutions on the web, none however seem to work for me. It's possible I'm just missing something stupid and obvious. (I hope that's it.)

First, this page advised me to add a setting to IIS to make aspnet_isapi.dll handle the .htm files. However, the result was less than satisfactory. In Firefox (2.0.0.x) the page would simply be blank, and IE (6&7) would give the "Internet Explorer cannot display the webpage" message.

Then this page and this page suggested adding httpHandler entries into my web.config file.
These settings did nothing to filter these files.

Then, with ever increasing desperation I tried them both at the same time, and again I got the blank Firefox and the taunting IE message.

Can anyone help me figure out what I'm missing here?
Sep 6 '07 #1
Plater
7,872 Recognized Expert Expert
Are these pages to be protected by the same login credentials as the aspnet pages?
Because you could restrict access to the directories they're in with the http security.
(challenge authentication)

Or convert them over to full-fledged aspx pages. Really you should have been able to just drop the html source code into the aspx page.
Sep 6 '07 #2
KBTibbs
13 New Member
I'm handling the specifics of which files go to which users... All I need is a simple redirect to the login page if they aren't authenticated.

The idea is that these are generated reports, and people get access to their own reports. Users access the reports page, the page queries the database, scoops up all the files in the folders specified by the database, and displays them in a datagrid with hyperlinks.

The benefits to this are that:
1) existing reports work (to preserve report histories without modifying those files by hand)
2) the existing reporting process is automated and can generate and upload a new report to the ftp site. This setup preserves this functionality so it doesn't need to be modified.

I've already got a good bit of other site content restricted by various roles granted by the forms authentication, the last bit to restrict is this non-ASP.NET content...
Sep 6 '07 #3
Plater
7,872 Recognized Expert Expert
Hmmm. Well, have you tried making a "serve-up" aspx page?

Like all those hyperlinks go to:
"myserveup.aspx?filename=report456.html"

And then your serveup.aspx page goes and grabs that file and returns the content.
Then you can just make sure they're authenticated for that aspx page.

I use this method in my own company. The actual location where the data files are is not available through the website, only through the serveup page can they be accessed.
Sep 6 '07 #4
KBTibbs
13 New Member
Hmmm, that's an intriguing idea. I'm not readily able to imagine some of the specifics (I'm a desktop programmer by trade that got somewhat pressed into this web development project just recently. I'll admit to being a bit out of my native element)... A couple of questions come to mind:

Would I need to strip out any of the html from the files, or would the ASPX page simply not care about duplicate <HEAD> tags, <BODY> tags, etc?

How can I set the folder to be inaccessible to the outside? Move it to be within the app_data folder? Could I still set that folder to be an FTP site to receive the auto-generated reports?
Sep 6 '07 #5
Plater
7,872 Recognized Expert Expert
The aspx page...wouldn't really be an aspx page.
Inside it would do all the validating of "should this user be able to access this file?"
Then if yes it'd be something like:
    Response.Clear(); // wipe out anything that would be sent to client
    /*
     * Some code to send the file, I think it's like Response.TransmitFile(filename)
     */
    Response.End();
If it was no, display some sort of "not allowed" message
Sep 7 '07 #6
KBTibbs
13 New Member
This sounds like a good solution, however I would still like a way to deny access to anyone who might be able to guess the URL of the source HTML files... Maybe I could store the files within app_data?
Sep 7 '07 #7
Plater
7,872 Recognized Expert Expert
Don't expose their location to the web.
Like for instance in my setup, the IIS website is located at:
c:\inetpub\wwwroot\
And the datafiles are in say:
c:\data\

The code behind can access that directory, but the website does not have access to it.
Sep 7 '07 #8
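
The serve-up page described in posts #4 to #8, written as an ASP.NET generic handler; this is an added example, not code from any poster in the thread. The class name `ReportHandler`, the per-user folder layout under `c:\data\` and the `.htm`/`.html` allow-list are assumptions. Because the `filename` query parameter is attacker-controlled, the handler canonicalises it and refuses anything that resolves outside the caller's own folder.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.Security;

// Added example: ReportHandler is a hypothetical name (e.g. behind serveup.ashx).
public class ReportHandler : IHttpHandler
{
    // Assumption: reports sit outside the web root in c:\data\<user>\ (stands in for the DB lookup).
    private static readonly string DataRoot = @"c:\data\";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        if (!context.User.Identity.IsAuthenticated)
        {
            FormsAuthentication.RedirectToLoginPage(); // send to the forms login
            return;
        }
        string path = ResolveReportPath(context.User.Identity.Name, context.Request.QueryString["filename"]);
        if (path == null || !File.Exists(path))
        {
            // Same answer for "not yours" and "not there", so names cannot be probed.
            context.Response.StatusCode = 404;
            return;
        }
        context.Response.Clear();
        context.Response.ContentType = "text/html";
        context.Response.TransmitFile(path);
    }

    // Returns the canonical path of the report inside the user's folder, or null
    // if either name is not a plain file name or the result escapes that folder.
    public static string ResolveReportPath(string user, string requested)
    {
        if (!IsPlainName(user) || !IsPlainName(requested)) return null;
        string ext = Path.GetExtension(requested).ToLowerInvariant();
        if (ext != ".htm" && ext != ".html") return null;
        string userRoot = Path.GetFullPath(Path.Combine(DataRoot, user)) + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(userRoot, requested));
        return full.StartsWith(userRoot, StringComparison.OrdinalIgnoreCase) ? full : null;
    }

    private static bool IsPlainName(string name)
    {
        return !string.IsNullOrEmpty(name) && name != "." && name != ".."
            && name.IndexOfAny(Path.GetInvalidFileNameChars()) < 0;
    }
}
```

With this in place a request such as `?filename=..\otheruser\report456.html` is rejected by `IsPlainName` before any path is built, and the report folder itself is never reachable by URL.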
kunal pawar
297 Contributor
Hi,
You can restrict by setting the web.config.

<location path="admin.html">
  <system.web>
    <customErrors mode="Off"/>
    <compilation debug="true"/>
    <authentication mode="Forms">
      <forms name="frmLogin"
             loginUrl="login.aspx">
      </forms>
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>

try this one
Oct 23 '07 #9
Plater
7,872 Recognized Expert Expert
Oooo, good call on that one. I think you can take wildcards in the path= attribute too?
Oct 23 '07 #10
