Restrict folder access through ASP.Net
I have an intranet ASP.Net application that uses fso to display a folder structure that allows users to view and save documents via a 3rd party folder/file list control.
Is it possible, using .Net, to restrict access to a folder in the middle of a directory tree that otherwise allows access to all users? Our overall Windows security group structure isn’t granular enough to allow this type of functionality on its own. I was hoping that there was something in the IO namespace that could handle this.
If this type of functionality is possible, please provide details on how to accomplish it.
Thank you
Is it possible, using .Net, to restrict access to a folder in the middle of a directory tree that otherwise allows access to all users? Our overall Windows security group structure isn’t granular enough to allow this type of functionality on its own. I was hoping that there was something in the IO namespace that could handle this.
If this type of functionality is possible, please provide details on how to accomplish it.
Thank you
ASKER
Hth,
The folder has to be visible to those who need access otherwise it should display an access denied message.
How would you do this using HTA?
The folder has to be visible to those who need access otherwise it should display an access denied message.
How would you do this using HTA?
Hi jaysch,
you could use Web.config to define who can and who can not enter the folder. You could define there Windows login system to be used for these folders...
regards
I
you could use Web.config to define who can and who can not enter the folder. You could define there Windows login system to be used for these folders...
regards
I
ASKER
I,
Please provide details.
Thanks
Please provide details.
Thanks
Hi jaysch
It's a long story and it is large documented. Here I'll quote some samples only.
The following example lets everyone do a GET, but only Kim can use POST.
<authorization>
<allow verb="GET" users="*"/>
<allow verb="POST" users="Kim"/>
<deny verb="POST" users="*"/>
</authorization>
To allow John and deny everyone else, one might construct the following configuration section.
<authorization>
<allow users="John"/>
<deny users="*"/>
</authorization>
There is also a <location> tag that you can use to specify a particular file or directory to which settings wrapped by that tag (between <location> and </location> tags) should apply.
Here is a sample about location. There are three levels.
- Settings that apply to the current directory and all child directories (everything contained within the top <configuration> tag).
- Settings that apply to the Sub1 child directory (everything contained within the <location> tag with a path attribute set to Sub1).
- Settings that apply to the Sub2 child directory (everything contained within the <location> tag with a path attribute set to Sub2).
<configuration>
<system.web>
<sessionState cookieless="true" timeout="10"/>
</system.web>
<!— Configuration for the "Sub1" subdirectory. -->
<location path="sub1">
<system.web>
<httpHandlers>
<add verb="*" path="Sub1.Scott" type="Sub1.Scott"/>
<add verb="*" path="Sub1.David" type="Sub1.David"/>
</httpHandlers>
</system.web>
</location>
<!— Configuration for the "Sub2" subdirectory. -->
<location path="sub2">
<system.web>
<httpHandlers>
<add verb="*" path="Sub2.Scott" type="Sub2.Scott"/>
<add verb="*" path="Sub2.David" type="Sub2.David"/>
</httpHandlers>
</system.web>
</location>
</configuration>
regards
I
It's a long story and it is large documented. Here I'll quote some samples only.
The following example lets everyone do a GET, but only Kim can use POST.
<authorization>
<allow verb="GET" users="*"/>
<allow verb="POST" users="Kim"/>
<deny verb="POST" users="*"/>
</authorization>
To allow John and deny everyone else, one might construct the following configuration section.
<authorization>
<allow users="John"/>
<deny users="*"/>
</authorization>
There is also a <location> tag that you can use to specify a particular file or directory to which settings wrapped by that tag (between <location> and </location> tags) should apply.
Here is a sample about location. There are three levels.
- Settings that apply to the current directory and all child directories (everything contained within the top <configuration> tag).
- Settings that apply to the Sub1 child directory (everything contained within the <location> tag with a path attribute set to Sub1).
- Settings that apply to the Sub2 child directory (everything contained within the <location> tag with a path attribute set to Sub2).
<configuration>
<system.web>
<sessionState cookieless="true" timeout="10"/>
</system.web>
<!— Configuration for the "Sub1" subdirectory. -->
<location path="sub1">
<system.web>
<httpHandlers>
<add verb="*" path="Sub1.Scott" type="Sub1.Scott"/>
<add verb="*" path="Sub1.David" type="Sub1.David"/>
</httpHandlers>
</system.web>
</location>
<!— Configuration for the "Sub2" subdirectory. -->
<location path="sub2">
<system.web>
<httpHandlers>
<add verb="*" path="Sub2.Scott" type="Sub2.Scott"/>
<add verb="*" path="Sub2.David" type="Sub2.David"/>
</httpHandlers>
</system.web>
</location>
</configuration>
regards
I
ASKER
I,
Do I understand correctly that I need to add an additional web.config file with settings similar to the above example in the folder that needs to be restricted? Or do I add these settings to the main application web.confg?
Thanks
Do I understand correctly that I need to add an additional web.config file with settings similar to the above example in the folder that needs to be restricted? Or do I add these settings to the main application web.confg?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, works fine.
you could decide whether to fso.GetFolder() or not. Why you need to change access.
you could access the local computer through a .HTA, but not through IIS.
HTH
I