Solved secure folders or files by user.

Posted on 2012-08-28
Last Modified: 2012-09-10
Using VB , server 2008, framework 4.0 . IIS 7

code a way to secure a file or folder for a user. So they can or can't stream a file on a web site.
Requires a way to script a new user, and change permissions.


Question by:johnsails
    LVL 26

    Expert Comment

    by:Alan Warren
    By default asp .net / iis does not protect files that are not definitive (.net type files), your folder can be protected by a web.config entry:
          <allow roles="Admin,PowerUser" />
          <deny users="*" />

    Open in new window

    But if you put an .htm, .jpg, .xls, .mdb or any other none (.net type file) into your protected folder, iis will serve them up to all and sundry, without any credentials ( to the public, argghh! ).

    To protect non (.Net type files) requires a custom HTTP handler to be defined:
    There's an example here Securing PDF Files in ASP .NET with Custom HTTP Handlers for C#.

    If you have access to the iis server it's a bit easier: Protecting Files with ASP.NET, but not many of us have access to the webhost providers iis services application configuration tools, localhost, no problem.

    I personally opted to store sensitive (non .net type files) in a database catalog and created an aspx page to extract the binary from the db and serve the files up on demand, then put the aspx page in a folder protected by the web.config, but that's another story: Displaying Images that Reside in a Database and Serving Dynamic Images from Static Web Pages


    Alan ";0)
    LVL 26

    Accepted Solution

    For scripting file and folder permissions:

    For scripting new users, you can Programmatically address the membership server, a good example here MembershipUser Constructor ...


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Shouldn't all users have the same email signature?

    You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

    You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
    New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
    This tutorial will give a short introduction and overview of Backup Exec 2014 and the additional features that have been added over its predecessor Backup Exec 2012. As with Backup Exec 2012, the Backup Exec button in the upper left corner. From her…
    This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now