I'm working on a website where I need to prevent the direct linking to a few pdf files. I'm using ASP.net 2.0. Is there an easy way in code to do this? or some simple IIS setting?
Right now i'm just using a standard anchor tag to link to the files. i can validate the user on the page containing the anchor tag but that still doesn't stop the user from nabbing the url and passing it on to someone else.
How can I achieve in an ASP.NET application, that a set of URLs/ASPX pages (parts of the application) cannot be called directly from the user in the Browser? These urls/pages may only be referenced in the application itself.
View 2 RepliesIm using an aspx page as the srcl for an image in the host page to serve a dynamically generated image to the user based on parameters they supply
ie
<img alt="" src="generateimage.aspx" id="imagegen"/></div>
Id like for people only to access the content via default.aspx and not the dynamically generated content generateimage.aspx. Any attempt to browse here directly should be redirected to an error page
Here is my dilema, on my site i have a WordPress Audio player (http://wpaudioplayer.com/standalone) that plays my mp3's.
It loads the Mp3's in by javascript...example below:
AudioPlayer.embed("audioplayer_7", { soundFile: "/Files/Music/[name of file].mp3" });
This file name is clearly visible in the browser source. Not a problem, however this means that any user can legitimately browse to the file directly and download it.
Now i still need the mp3 player (which is flash) to have access to the file but if a user was to try accessing the file directly, they would not be allowed access to it.
I am not sure how to go about this, i am circling the idea of a httphandler but not sure if this is sufficiant to stop the direct access to the file.
My ASP.NET application logs transactions (both inside AND outside of databases), and therefore needs read/write access to text files within various directories within the root of the website - in ADDITION to the normal database access.
In this scenario, how can I safely allow my ASP.NET application to write data to the web folders? I have a thread-safe DLL that performs the actual work, so I don't believe I need to worry about multiple sessions writing to the log files at the exact same time - assuming my DLL will only be running in a single instance/process that will be shared between numerous ASP.NET instances/processes/threads.
But I'm more concerned about file access permissions. I've heard that ASP.NET applications generally aren't allowed access to the webserver's local file system, and that this may even restrict my DLL from getting the correct file access. Can I grant my application file-access to the web-driectories?
The majority of files in the Temporary ASP.NET File folder for a given application get deleted by ASP.NET following compilation -- .DLL and .PDB files amongst others remain.
Our compiler produces proprietary debug information files which are amongst those that get deleted.
Marking the files read-only prevents this but are there other options available?
When I publish my Asp.Net MVC website to the production server (via VS2008), the web.config & castle.xml files are overwritten. The content of these files is obviously different between my local dev environment and the production server.How do I prevent these files from being published?
View 2 RepliesI am making a small file hosting website, and each user can upload multiple files, and will have access to just his files and can't access others files, for example by guessing the URL. Is there a way to secure files to have access by just the owner and no body else "may be website administrator also will have access"
View 3 RepliesHaving to deal with URL rewriting, I decided to programmatically add CSS references rather than relying on the automatic behavior of ASP.NET to add all CSS files within a theme automatically to the <head> of an ASPX page.I suceeded in adding the CSS file programmatically by using
<link type="text/css" rel="stylesheet" runat="server" id="CssFile" />
and setting the actual URL it in code behind.My question is:Is there a way to prevent the ASP.NET "engine" from automatically adding all CSS files into the <head> of my ASPX/master page?(Of course, I still could go with my own folders and completely drop the App_Themes concept)
i have a asp.net website i have some files swf files that i want to prevent downloading them
is there a solution that the IIS can have a passord for downloading the file swf file and i can provide this password in some situations on the server that i can pass this password in the code
so that the swf file can be viewed from my page only as provide the password
but no one can download it using download managers or any other http request that request this swf file
For a church website I'm managing, there is a need to place audio files (sermons) on the website. There will be two categories of audio files; one will be a sample size of the audio file, around 5 minutes in length. The other will be the full-length of the sermon (30-50 +/- minutes).
I have decided the best setup would be to place the audio files on the server. I would then store the audio information, as well as the path to the audio file, in a database. I had thought about placing the audio files in the database as a BLOB, but it seemed inefficient. My concern, is with tools like Mozillza plug-in "Download Helper" , it is so easy to simply grab the media files off the server. This would not be a big deal, except we want to sell the full-length audio files. I am running ASP.NET 3.5 on IIS 7.
I have a custom config file in my application say my.config. Suddenly I ecnountered with some error regarding one of the settings inside the config file and the strange thing happens- my content of the config file get's rendered in the browser in the form of error. This is a big security issue for me. My question is how to prevent the content of my config files from rendering in the browser. Note I have already this setting in my web config:
<customErrors mode="Off" defaultRedirect="errors/default.aspx"/>
I am wondering why did not it redirect to error page? we had the settings turned onstill it displayed the straight error.
Sometimes i move files and folders by mistake. Is there a way to prevent this. Something like putting a "lock" on the position of files and folders?
View 6 RepliesI have directories in my website which require authentication.
But when i type the url with the directory name it lets me see the files but doesnt allow access as users need to login.
How can i stop users viewing files if they manually type directory name in?
I am referring [URL] .... how to prevent file to replace when file with same name uploaded, as it replace old one in folder.
View 1 Repliesi am using a multi selecting file upload control which is postBack free.
I am using session timeout.
My problem is that during files uploading my session got expired. Bcoz my uploader not being postback so i can't enhance session timeout. and while uploading my session got expired and process was not ompleted, causes some imp files could not uploaded.
I cant get to directcontroller url (I have change the routing so it will fit into my paging system but I cant fit it also to get the controller url without action (I can gethttp://localhost:51443/home/inde )but I would like to get also "clean" url like http://localhost:51443/home
[Code]...
Im using the ASP.NET Xml control and want to pass it a url to a rss feed and a stylesheet - so that i can style the rss myself on my website. When applying the full web path to the xml control [URL] i get an exception telling me that the document source is not a valid virtual path. What am i doing wrong? I would hate to download the file before showing it...
View 1 RepliesI have a ASP.NET page called admin.aspx that needs to be protected from direct access.
I want it to be accessed only when the user enter his name & password in another page called login.aspx I'm working in ASP.NET with Visual Basic .NET 2008,how to do it.
I have a website that has a members section. To view a members profile I pass the username across the query string, but I want to stop direct access by someone changing the url to a different username.
Do I need to encrypt the query string or is there a better way to acheive this ?
I need to restrict access to pages based on permission given to roles based user .Roles created dynamically so that i can't restrict thru the WEB config file .i am using the custom sitemap so menu is showns correctly based on roles , but if we enter direct url in address bar we can access that page although its not permitted for the user .is there any other way to redirect to common access restrict page .
View 3 RepliesI have a webpage errors.aspx that needs to be protected from direct access. I want it to be accessed only when redirected to by another web page.
View 3 Replieshow to redirect to particular page after login. I have login,EDetails,home page..
1.If the user login very first time(suppose he does not have any personal details) he should be directed to EDetails.aspx
2.User who submitted the personal details already should be redirected home.aspx page.
I have 2 tables later i will add more,1.login table,2.employee detailed table.I am using Login control for login page
I am using Version ASP.Net3.5 with MySql database, Code where i am redirecting in login page
Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
If YourValidationFunction(Login1.UserName, Login1.Password) Then
Login1.Visible = False
Session("UserName") = Login1.UserName
Response.Redirect("EDetails.aspx", True)
Else
e.Authenticated = False
End If
End Sub
In my ASP.NET app I have a control in the master page that raises an event Foo on certain occasions / interactions.I also have a couple of pages that have another control that must re-bind itself when this event is fired.Unfortunately the only way I can see them communicating between each other is by creating a long event chain (deriving a new MasterPage MasterPageSuperDuper, attaching an event handler to Foo's event in the user control, and then referring to this event in the masterpage from the control present in a couple of pages - basically using the masterpage as a control center).
View 2 Replies IEnumerable<Product> selectedProducts = (from p in products where p.Category == 1select p);
selectedProducts = products.Where(p=>p.Category==1) ;
The above 2 statements seems to produce same result .TheN what is the diffrence? which one is efficicent more?