

ASP.NET Creating Secure Directories

Posted on 2005-05-02
Medium Priority
Last Modified: 2010-04-17
I am looking to create an ASP.NET application that creates a directory if it doesn't already exist, and creates a file within that directory that only a specific user can access.  I have login and password measures on the site with unique user identifiers.  However, I don't want anyone to access another user's folder.  This must all be dynamic and fast.

Here is the scenario in a nutshell:
A. User logs in.
B. User creates (on the fly) a PDF report.
C. Browser Redirects to report.
D. Report opens in browser (Acrobat Plug-in.)
E. Report remains available ONLY to this user. (No one can anonymously visit report URL) OR Report is completely deleted to be regenerated when needed again.

Any suggestions or help out there?

I have everything done here except securely accessing the report (Step E).
Question by:mhipol

Accepted Solution

BurntSky earned 500 total points
ID: 13913428
Well, I think you have a couple options, none of which are very pretty.

First, if the users aren't created automatically (meaning there are only a certain number of users and no more will be added on-the-fly) you can limit access to certain folders in the web.config:

  <location path="User1">
    <system.web><authorization>
        <allow users="User1" />
        <deny users="?,*" />
    </authorization></system.web>
  </location>

You could also do the above but specify "roles" instead of "users" in the <allow /> and <deny /> tags.  (You can read more about role-based security here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dwamish7/html/vtconrole-basedsecurity.asp)

If you're using Windows authentication you can assign particular users access to folders.  This is a little more complex and only applicable if you're using Windows Authentication.

The way I would probably end up doing it is maintaining all the information in a database and checking permissions on the fly.

Author Comment

ID: 13922070
The users are automatically created.  So this probably won't work.

Expert Comment

ID: 13922096
If the users are automatically created then I assume their credentials are stored in a database.  Why not use my last suggestion and also store what directories they have permission to view and then check the permissions on the fly?
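
The database-backed check suggested in this thread could look like the handler below. It is an added example, not code posted by anyone in the thread. It assumes forms authentication, .NET 4 or later, PDFs written under ~/App_Data/reports, and a hypothetical Reports table and "Reports" connection string.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.IO;
using System.Web;
// Hypothetical names: Reports table (ReportId, OwnerLogin, FileName), "Reports" connection string.
public class ReportHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }
    public void ProcessRequest(HttpContext context)
    {
        // Anonymous requests never reach the lookup.
        if (!context.User.Identity.IsAuthenticated)
        {
            context.Response.StatusCode = 401;
            return;
        }
        // Accept only a GUID so the request can never carry a file path.
        Guid reportId;
        if (!Guid.TryParse(context.Request.QueryString["id"], out reportId))
        {
            context.Response.StatusCode = 400;
            return;
        }
        // Permission check: the row matches only when the logged-in user owns the report.
        string fileName;
        string cs = ConfigurationManager.ConnectionStrings["Reports"].ConnectionString;
        using (SqlConnection conn = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT FileName FROM Reports WHERE ReportId = @id AND OwnerLogin = @owner", conn))
        {
            cmd.Parameters.AddWithValue("@id", reportId);
            cmd.Parameters.AddWithValue("@owner", context.User.Identity.Name);
            conn.Open();
            fileName = cmd.ExecuteScalar() as string;
        }
        if (fileName == null)
        {
            context.Response.StatusCode = 404; // same answer for "missing" and "not yours"
            return;
        }

        // App_Data is not URL-addressable, so this handler is the only route to the file.
        string path = Path.Combine(context.Server.MapPath("~/App_Data/reports"), Path.GetFileName(fileName));
        context.Response.ContentType = "application/pdf";
        context.Response.Cache.SetCacheability(HttpCacheability.Private);
        context.Response.TransmitFile(path);
    }
}
```

The redirect in step C would then point at the handler with the report's id rather than at the PDF file itself, so no per-user folder or web.config entry is needed.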


Question has a verified solution.
