How To Lock Down & Secure Files Stored On Server In .NET
Apr 23, 2010
How do I go about securing files that are stored on the server? We have an ASP.NET app which generates PDFs. These are not stored in the wwwroot folder but in another folder i.e. C:inetpubdata. This provides more security but maybe not enough. The ASP.NET/IIS process will need write access to this folder so it generate the PDFs there.
Once the pdf is generated, it can be viewed using an ASP.NET form called viewpdf.aspx with the file to be viewed add to the query string like so viewpdf.aspx?FILE=mynewfile.pdf. This is loaded from a gridview.
The full path to C:inetpubdata is resolved and loaded in the Page_load event of the viewer page. Now I'm wondering how to secure this. Anybody could just view the file. Not by entering in the URL, as it won't been seen by IIS (its not in wwwroot), but could change the querystring in the viewpdf page.
How do I stop anybody hacking this?
View 3 Replies
Similar Messages:
Jul 23, 2010
i have a folder where some txt files are located.
i want to get list of those txt files using query in SQL Procedure.
I tried some Query it is not returning Txt files in List. It just Listing Folders.
how can i achieve this.
View 3 Replies
Dec 3, 2010
I've to download files from our 38 clients secure websites. They are our data resources. Currently data collection process is manual. Logon to the site, login with username and password, then download files, save to local folder, close window once download is completed. We are trying to automate download process. Plan is to handle login part with code and directly show list of filename to User with check box , so User can select files and click to save.
Rest all will be handled programtically. Once download is complete the status for that file will change to "Saved" or "Download Complete. I'm working on Window 7, VS2008(C# asp.net). Trying to make it work with WebClient class. It'll be great if you can post some source code or guide me to link or post for solution.
View 2 Replies
Jul 2, 2012
My client is moving from a linux to a windows shared server that uses the following:
Plesk Panel 9.5
PHP Version 5.2.13
ASP.NET framwork version: 2.0.50727.0
They currently are using .htaccess in several folders that make the user have separate credentials that relate to each folder.
Is there a way to do this on the new location using web.config? I tried using .htaccess but doesn't seem to work. I am able to get the .aspx files in a folder so if accessed and not logged in it goes to a login page.
If I have a bunch of .html pages in a folder, can I configure web.config so if someone goes to one of the .html pages direct it asks for credentials?
View 6 Replies
Feb 23, 2011
I'm building a site in which users can purchase MP3 files which they can download from their user login area.
In previous applications I've developed, I would allow admin to upload the file and it would be stored under "/Uploads/MP3s/filename.mp3". However, I need to make this secure so that users cannot gain access to these files until they have purchased them.
View 2 Replies
Jan 10, 2011
How to row lock in SQL Server 2005. I execute a sql for row locking and that is
SELECT *
FROM authors
WITH (HOLDLOCK, ROWLOCK)
WHERE au_id = '274-80-9391'
it work fine but in this case row is lock for update not for selection. I just want to know how to lock a row as a result another user can not see that row when issue a SQL in SQL Server. please guide me. thanks
View 3 Replies
Aug 31, 2010
is there a way do something like this:
[Code]....
View 5 Replies
Sep 24, 2010
I develop an application using LINQ to SQL. Recently I deploy the application on server and starts performance testing using WAPT for 100 users. Unfortunately, 90 requests are failed while placing an order and only 10 are passed. I analyse and found that for every failed request I got an error "System Exception: Transaction (Process Id 68) was Deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction."
View 5 Replies
Oct 15, 2010
i want to know Advantage and Disadvantage of lock in OLTP system??
View 2 Replies
Jul 13, 2010
My web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
View 1 Replies
Oct 25, 2010
I have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
View 3 Replies
May 18, 2010
I have a big excel file , and i want to upload it to server.
on upload_click , i have to do a processing which takes very long time,
because i am finding latitude and longitude from the google by reading that excel file.
and i wanted that when used click on CANCEL button the process should stop.
i have created a thread on upload_click and doing all this stuff in that thread .
when user clicks on CANCEL , i am aborting that thread.
but when user again tries to upload file , i am getting the error that file is in use .
to solve this problem i have to stop aspnet_wp.exe from task manager and have to try again .
View 1 Replies
Oct 24, 2010
I have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
View 3 Replies
Jan 14, 2013
I have made an application where I am displaying the .pdf , .doc , .docx files. These files are uploading from an Admin Panel.When user place a mouse pointer on download icon provided in front of every file, it shows the complete path where it’s get saved.I want to avoid this path visibility even when user place mouse on download icon and even if it Inspect an element (as most modern browser will have this functionality).
View 1 Replies
May 14, 2010
If I have users upload images to my web server, and they are simply stored in a folder, how secure are they? This of course is assuming that IIS is configured not to serve image files directly from a browser request, or mods are made in the web.config file to prevent direct access, etc, ex:[URL]
View 5 Replies
Mar 16, 2010
I get this error on line 39 -"Server does not support secure connections.".
[Code]....
View 5 Replies
Jun 1, 2010
I'm wondering if theres already a combo let say jQuery - Some C# DLL to proive a secure both way communication between ASPX forms with jQuery and a control layer based on ashx files with C# classes...[From comment below]Well I see I have to be more specific. The are things like sniffers on simple network analysis tools even like Firebug that let you see the data transfered via POST or GET. The idea to secure a Server Client application is to ensure that data isn't corrupt and compromised, and to achive that you have to make imposible to an atacker to report false info so the best is to have improved some cryptographyc algorithms both on client and server to crypt decrypt encode decode data...
View 2 Replies
Mar 4, 2010
I have a file called webpart.cs which is called by one of my masterpages in Sharepoint, where are those files stored on the Server?
View 1 Replies
Jul 20, 2010
I have a graphical user interface for my company product.I want to secure the data being sent back and forth between client and server.
Is SSL one of the options? some1 tell me the steps on how to implement it in my application code.
Do i need to buy the certificate or can i make it.. which is the best choice?
I am logging in using FormsAuthenticationTicket as follows:
Session["userName"] = UserName.Text;
Session["password"] = Password.Text;
Session["domain"] = Domain.Text; [code]....
View 3 Replies
Aug 10, 2010
I have a GUI when i log in i create a cookie and it encrypt it. I am usin SSL.
I check in the Login.aspx page if the cookie is secure, which it is. but then before going to the default page it goes to the Global.ascx page.
Here in the Application_AuthenticateRequest it gets the cookie and decrypts it for the default page..
Now i know that it is getting the same cookie as all the other attributes match the one that was created in the Login.aspx page excet that the secure value is "False".
this is the case for all other pages after default. the value of the cookie.secure is false.
why is this happening as i want all the pages to be secure by SSL.
Also the pages are opening as https not http.
here is my web.config
[code]....
View 1 Replies
Jan 18, 2010
After logging to the mvc site using a secure connection (https), calling actions using https connection show up with the user logged in but calling actions using http it bahaves as if user didn't log on. Since I need to use a virtual directory for https connections(and can't use that directory for http connection) Https links start with: [URL]
View 1 Replies
Sep 17, 2010
I'm working on a legacy web application - frames and a mixture of html, asp and aspx. The entire site is https. For some strange reason when I hit a specific page I get the magic message that says the Page contains both secure and nonsecure items. (IE obviously doesn't want to tell me what those resources are) I have checked the page that's being loaded and there are absolutely no http://... links - everything is relative links.
I have fired up fiddler and checked what's being requested - everything looks fine. I am completely at wit's end here. I have absolutely no idea why I'm getting this message, but it's completely screwing with the site.
View 3 Replies
Jul 20, 2010
I am rather new to asp.net but I have built a couple of apps that do not require users to login. am having some problems moving my secure .net application from my laptop to a production server, however, and I am hoping someone can help me. On my laptop my application's user authentication functions as it should, but when I move my application to a webserver I get an assortment of errors. Forgive me if these questions are a little basic. My first question is this. In a production environment do I move the ASPNETDB.MDF file in the App_Data folder to my SQL server? Is it OK to rename it to something more descriptive?
View 4 Replies
Oct 28, 2010
Currently I am facing a problem to communicate with a server that enable ssl...
normally we are using TCPClient to send and receive data from server, but now the server that I trying to connect to, need SSL and certificate..
I was trying to search at google and most of the solutions i got it is use SSLStream and X509Certificates. and I have another question, Am I need to create Client and Listener in order to communicate with that server? Because I had reviewed all the sample and they didn't attach the private key when send request to server.
View 1 Replies
Feb 17, 2011
I have a web application that allows users to upload files which are stored in a database. Users can then search for files and click a link to download them. Clicking the link opens a new window which retrieves the file from the database and offers the user the chance to open the file or save it.
All of the users within our organisation use IE 6, yet while some can click a link and download the file, others can't. The new window simply opens for a split second, then closes. If it was all users I would think it might be the application, but as it is only some I am tempted to think it is a browser issue.
View 2 Replies