Hello,
Im facing problem that i have files in 1 folder, who has access to files should be based to session information. Basically folder is configured that iis user has rights to folder. Now that i list users files i can ofc narrow the files so that only logged users files are shown, however he still can see others files by changing url. Anyone got idea if i can manage filerights by session or got way around the problem?
Platform im using is IIS, .net framework 2.0
There's a couple of ways to handle this.
You could set a session variable to indicate what rites the user has to files and check this variable during every page load to see if they are permitted to view the file...if they aren't you could just redirect them to the login page (or wherever).
If you are using forms authentication, you can also deny access to files by any user that is not authenticated by setting your web.config file to:
-
<?xml version="1.0" encoding="utf-8"?>
-
<configuration>
-
<system.web>
-
<authorization>
-
<allow roles="users" />
-
<deny users="?" />
-
</authorization>
-
</system.web>
-
</configuration>
What you do here is place all of your restricted files into a folder and add a web.config file to that folder with these settings....
-Frinny