Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

asp.net secure folders or files by user.

Posted on 2012-08-28
2
Medium Priority
?
660 Views
Last Modified: 2012-09-10
Using asp.net VB , server 2008, framework 4.0 . IIS 7

code a way to secure a file or folder for a user. So they can or can't stream a file on a web site.
Requires a way to script a new user, and change permissions.

 

thanks
0
Comment
Question by:john
  • 2
2 Comments
 
LVL 26

Expert Comment

by:Alan Warren
ID: 38343826
By default asp .net / iis does not protect files that are not definitive (.net type files), your folder can be protected by a web.config entry:
  <system.web>
    <authorization>
      <allow roles="Admin,PowerUser" />
      <deny users="*" />
    </authorization>
  </system.web>

Open in new window

But if you put an .htm, .jpg, .xls, .mdb or any other none (.net type file) into your protected folder, iis will serve them up to all and sundry, without any credentials ( to the public, argghh! ).

To protect non (.Net type files) requires a custom HTTP handler to be defined:
There's an example here Securing PDF Files in ASP .NET with Custom HTTP Handlers for C#.

If you have access to the iis server it's a bit easier: Protecting Files with ASP.NET, but not many of us have access to the webhost providers iis services application configuration tools, localhost, no problem.

I personally opted to store sensitive (non .net type files) in a database catalog and created an aspx page to extract the binary from the db and serve the files up on demand, then put the aspx page in a folder protected by the web.config, but that's another story: Displaying Images that Reside in a Database and Serving Dynamic Images from Static Web Pages

HTH

Alan ";0)
0
 
LVL 26

Accepted Solution

by:
Alan Warren earned 1500 total points
ID: 38343856
For scripting file and folder permissions:
http://www.experts-exchange.com/Web_Development/Miscellaneous/Q_23444174.html#a21691494

For scripting new users, you can Programmatically address the membership server, a good example here MembershipUser Constructor ...

Alan
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question