Restrict IIS Access To An Extension, Either Embed Or Local?
Jan 18, 2010
this might not be asp.net exactly but i hope it's ok that i ask this here?i'm looking to restrict access in web browsers to a particular extension like .mp3 - really i'd like to know how to do it two ways if possible
1: how can i restrict it so that nobody may embed/play/download mp3's on my server on their outside sites? I used to do this on php with .htaccesss but am new to .net2: how can i completely revoke the extensions' ability to function at all, even on my site? IE: I would test with a link on my own site/server to a mp3 on that server, and it would fail. I tried removing the MIME type for mp3 and restarting IIS but thatdoesn't seem to have done it.I can still go to the mp3 file in my browser by putting it's URL in the browser.
View 1 Replies
Similar Messages:
Mar 29, 2011
I created a website using VS2010. When I run the website using built-in web server, everything works fine. The website recognizes javascript and aurigma uploader. When I publish the website to local folder and tried to access using IIS 5.1 on local pc,
the java scipt files did not work. I was getting yellow triangle sign at the bottom of the page indicating the object is expected. I tried to look online but i could not find any answer. I have included jquery and javascript file in the header section of master
View 3 Replies
Apr 18, 2010
i am building a member management site for a sports club, i have all the usual feilds
lastName, firstName, address1, address2, address3 ....
but they also want a photo
when i first made the DB i used access 2010 which uses the 2007 file type which supports attachments, however asp.net doesnt support the 2007 format. and the 2003 file type doesnt support attachments, i assume i use the OLE object data type but i have no idea how i get my aspx page "new.aspx" to upload an attachment. plus i want to restrict the file type to *.jpg
View 1 Replies
Feb 15, 2011
How can I Restrict Access to an specific folder, for example I have a folder that Authenticated users upload different files in it. the problem is that every user can access the files via URL in the browser.I don't use asp.net login controls for authenticating and role memberships, I have written login page and roles my self via code behind.
View 1 Replies
Aug 24, 2010
I want to be able to restrict page access in a web application deployed in IIS 6.0. Say my web applications has these pages:
a.aspx
b.aspx
c.aspx
d.aspx
The proper way to access is [URL]" From a.aspx the other aspx pages could be loaded. What I want to be prevent is someone typing in: [URL]
View 2 Replies
Jan 17, 2010
How can i prevent users from getting the list of files that exist in my website?
For example when users type on the address bar the WebsiteAddress+/DirectoryToSearch/ they get the list of files in that directory, without getting any permission denied error
Is there any setting in asp.net that am i missing?
View 1 Replies
Jan 23, 2010
[Code]....
Trying to restrict access to folder but can't?
View 6 Replies
Mar 29, 2011
I need a reliable method to switch off users' access to SSRS dynamically. If you care about the reason, users are not allowed to access SSRS from home, but they are allowed access from within the factory walls.
I can generate a token or event when they arrive at work or leave, no problem, such is the sophistication of our security system.
So I can create a little .net app that pokes SSRS in some way and tells SSRS to allow that username to access reports. When the users leaves the premises, the .net app will prod SSRS to deny that username access.
I considered dynamically adding and removing usernames from the authentication section of web.config in the SSRS root dir, as in <deny=usernamelist />. But given the frequency of changes (dozens per hour at peak times), that seems too intrusive, as it probably causes the restart of the app.
I tried adding usernames to the ACL on the SSRS physical directory (Microsoft SQL ServerMSSQL.2Reporting ServicesReportServer) as deny reader, and for a few brief minutes I thought I had arrived at a solution, but for some reason SSRS decided to serve pages to denied users seemingly at random. Must be cached somewhere, although I can't for the life of me figure out why that would be happening seemingly at random.
I rather like the ACL idea from the perspective of ease of control, and if there's a simple thing i have overlooked in the way SSRS interacts with IIS and NTFS permissions, I hope someone can point it out so I can understand why the ACL seems to be mostly ignored.
View 1 Replies
Oct 13, 2010
I want to secure a particular set of files in a folder by role type. I have the following entry (See below)...I notice this doesn't work (I.e., it doesn't secure the file by Role Type.. anyone can access the file). I've read that I need to map the .WMV extension to the ASp.Net DLL.
[Code]....
View 10 Replies
Sep 23, 2010
How to restrict folder access in asp.net like i dun want any other to see my Uploads folder in browser by link http://www.myweb.com/Uploads
View 3 Replies
Jan 14, 2010
when i would like to restrict files to access only on my Test page , here i am retriving my files in iframe in Test page, problem occurs when a user authenticated themselves then they will be redirected on welcome page and he can access my files through welcome page on Browser by knowing my Folder Name. but i do'nt want to give permissions to access on welcome page using IBrowser i only want to give my files(.mht files) that should be accessed on iframe.
this code as shown below doing pretty well in Visual studio "Debug mode but when i deploy this on iis 7.0 then it is not restricting my .mht files so please help , if you have any othe idea to protect then please give me .
[code]....
View 7 Replies
May 12, 2010
I have just started to use asp.net mvc.
I have read this article about using ntlm authentication
[Code]....
it provides access to specific domain users
[Code]....
I want to restrict access to all my domain users only lets say
[Authorize(Domain="redmond")]
or do I do it via web.config
View 2 Replies
Jun 14, 2010
I need to restric access to my admin folder to certain people. Those with no authentication ticket should be redirectered to a "not allowed page". How do I identify all pages in my admin folder. I have so far but is it OK?
If url.Contains("/admin") Then
'If authentication ticket incorrect then
`Response.Redirect("~/notallowed_admin.aspx")`
End If
And not, I cannot use my web.config for this particular issue.
View 2 Replies
Mar 17, 2010
I have a security issue in my web application where user can enter malicious data/can change the page path directory. To avoid these i want to restrict the user by accessing/typing in the URL.
View 5 Replies
Nov 28, 2010
I have this Internet web service page(webservice.asmx) being consumed jquery ajax call.
And I am hoping to restrict public request to this webservice other than request from local pages (aspx or jquery ajax call).
The web service checks for form-authentication before it gets executed but I just don't feel comfortable the .asmx page and list of services are viewable.
So users can't just type www.mysite.com/webservice.asmx to access my webservice.
View 2 Replies
Nov 9, 2010
I am faced with a rather tricky issue. I am developing a web application that resides beneath a web site. The web application is actually meant for the employees of the company owning the web site. The employees can access the web app from the login facility on the site.
The situation demands that an employee must be able to login to the app only from the office machines and not from anywhere outside. I thought of a logic where in the IP address of the machine in which the employee sits will be stored against the employee profile and when he logs in, the authentication will check for user credentials as well as whether he is logging from the designated IP. If not he is not allowed access to the app even if the login credentials where correct.
I am not sure if this is a good way, because I feel tricky persons can give the same IP of the office machine in another machine, say at home and the logic is broken. Can somebody provide me a better way of solving the issue. I am using ASP.Net login control for user login.
View 3 Replies
Oct 14, 2010
I have a web site project using the .NET 2.0 Framework that I am working on in Visual Studio 2008. I am using a third-party DLL in my project. I have added a reference to the DLL in my project and I can use everything as expected, including a number of extension methods for certain objects. Intellisense sees these extension methods, and I am able to make use of them and I can build my project on my local machine without any errors.
However, when running my website on a production server, I get a Compilation Error saying that the extension method I am trying to use could not be found. I can use everything else in the DLL besides the extension methods on the production server.
This is my first exposure to extension methods and understand what they are, but I can't seem to figure out why I can't make use of these methods outside of my local machine.
View 2 Replies
Jun 10, 2010
I am deploying a public ASP.NET website on an IIS7 web farm.
The application runs on 3 web servers and is behind a firewall.
We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc.
/admin/somepage.aspx
What is the best way to control access to this page? We need to:
Prevent all external (public) users from accessing the URL. Permit specific internal users to access the page, only from certain IPs or networks.
Should this access control be done at the (a) network level, (b) application level, etc.?
View 3 Replies
Feb 22, 2010
We have a scenario whereby we are hosting an ASP.NET MVC web site on behalf of someone else.The customer in this case wants us to restrict access to the web site, to those users who have logged in to their main portal. They should then only be able to get to our web site via a link from that portal.At this point I'm not yet sure what technology or authentication mechanism the 3rd party are using but just wanted to clarify what the possible options might be.If we call our hosted site B, and their portal web site A,as I see it we could:Check the referrer for all requests to B, unless they've come from A they can't get inCheck for a specific cookie (assuming A uses cookies)
View 2 Replies
Sep 24, 2010
I have a menu in my application (created from the sitemap) which I want available to two user roles. However, there are items on that menu, I want available only to one role or the other. So I have created the following in my sitemap.
[Code]....
Essentially, I want employees with the "TimeUser" role to see the "My Profile" link that goes to the EmpProfile.aspx page, but not the link to the client profile page. However, when an employee logs in, they see both. I am guessing this may be because the "My Account" node which contains them allows both roles. Is there a way around this without duplicating the "My Account" node?
View 2 Replies
Jul 18, 2010
I have created an application with multiple webforms what is the best way to restrict access to particular pages based on what group logged on user is in?
View 6 Replies
Aug 19, 2013
I am upload the Pdf Files And Save in Folder But any one easily open this folder
http://localhost:8748/Lib/Admin/Files/ like that
And see all the uploaded pdf and click any pdf open this pdf
like that
http://localhost:8748/Lib/Admin/Files/Asp.net_Interview_Questions_and_answers.pdf
So this URL cannot be open what I can restrict this URL .....
View 1 Replies
Mar 21, 2011
I'm simply adding to a set of rules on existing rewrite rules for our company website. We have a file that we need to restrict to only our internal IP addresses. The URL is http://oursite.com/internal/index.aspx?u=blahblah and need it restricted to IP ranges 10.1.X.X. I'm adding this and it's not doing anything. Even if I tried to capture all using .* for the pattern, it still ignores it. Is my syntax correct?
<rewrite>
<rules>
...
<rule name="Restrict URL" enabled="true" stopProcessing="true">
[code]...
View 1 Replies
Nov 1, 2010
I need to restrict access to my website by physical PC. When a user signs up I want to be able to restrict access to one machine for that account so it cannot be shared round, if, for example, somebody else in the same office wanted to access the system on their PC they would need a seperate sign in.
I have done some investigation and I "think" the only way is installing an ActiveX component (which isn't an issue that is restricts to IE only) and then read the users MAC address. Am I trying to over complicate things or is that the only way? I realise that MACS can be spoofed but this is not much of an issue.
View 4 Replies
Jul 17, 2010
I am using CK Editor, in my application every user have his separate email templates. I want to store images to user specific and user should not view other user uploaded images when browse to Server to upload images
View 1 Replies