ASP.NET Creating Secure Directories

Posted on 2005-05-02
Last Modified: 2010-04-17
I am looking to create and ASP.NET application that creates a directory if it doesn't already exist, creates a file within that directory that only a specific user can access.  I have login and password measures on the site with a unique user idetifiers.  However, I don't want anyone to access antoher users folder.  This must all be dynamic and fast.

Here is the scenario in a nutshell:
A. User logs in.
B. User creates (on the fly) a PDF report.
C. Browser Redirects to report.
D. Report opens in browser (Acrobat Plug-in.)
E. Report remains available ONLY to this user. (No one can anonymously visit report URL) OR Report is completely deleted to be regenerated when needed again.

Any suggestions or help out there?

I have everything done here except securely accessing the report (Step E).
Question by:mhipol
    LVL 9

    Accepted Solution

    Well, I think you have a couple options, none of which are very pretty.

    First, if the users aren't created automatically (meaning there are only a certain number of users and no more will be added on-the-fly) you can limit access to certain folders in the web.config:

      <location path="User1">
            <allow users="User1" />
            <deny users="?,*" />

    You could also do the above but specify "roles" instead of "users" in the <allow /> and <deny /> tags.  (You can read more about role-based security here:

    If you're using Windows authentication you can assign particular users access to folders.  This is a little more complex and only applicable if you're using Windows Authentication.

    The way I would probably end up doing it is mantaining all the information in a database and checking permissions on the fly.

    Author Comment

    The users are automatically created.  So this probably won't work.
    LVL 9

    Expert Comment

    If the users are automatically created then I assume their credentials are stored in a database.  Why not use my last suggestion and also store what directories they have permission to view and then check the permissions on the fly?

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Suggested Solutions

    Title # Comments Views Activity
    seriesUp challenge 7 80
    Modbus - whats the maximum I can store in one register? 4 68
    mapAB Challlenge 35 46
    word0 challenge 4 37
    RIA (Rich Internet Application) tools are interactive internet applications which have many of the characteristics of desktop applications. The RIA tools typically deliver output either by the way of a site-specific browser or via browser plug-in. T…
    This is an explanation of a simple data model to help parse a JSON feed
    Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
    In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now