Security :: Image In Folder Security
Aug 16, 2010
Im designing a site where registered users can upload their own images that should be displayed to any visitor. However the images have to be approved by an admin. So when the images are aproved they will show in an image gallery.
My problem is how to protevct the images from browsing. I dont want anyone to be able to just write in the folder url and broswe through all the images.
My questions:
1. If i store the images in the app_data folder they will be proteceted from browsing directly. But they cant be used in an webpage that is public either, correct?
2. If i store them in a public folder the images can be used to display on a public page, but even the images that are not aproved will be accesible if one knows the url to the folder or the image itself, correct?
3. It wont help if i secure the image folder with roles cause then the images will only be accesible by the user that is logged in and is in the proper role.
View 1 Replies
Similar Messages:
Jun 16, 2010
I have a folder with png images that are not shared or public (the folder is outside my application folder). Now I want my users to be able to view thoose images only if they are logged in (different users, different images). All images have a name that correspond to the users id. My idea is to stream thoose images into the asp:Image control, is that possible? How do I do that? Other (better) solutions?
View 6 Replies
Nov 4, 2010
I have created a .NET 3.5 # web app. It has a master page, a homepage, and an Accounts folder with Login.aspx, Register.aspx etc.When I run the app Login.aspx displays but it doesn't display the Image from the Images folder, it doesn't inherit the MasterPage/CSS and when I click on the Register link it stays to the login page .I understand that this is probably down to permissions. Do I have to put a web.config file in each of the Folders or do I update the main web.config and add location elements to allow access.
I have looked at a .NET4 example and the web.config is in the Accounts folder - however this isn't working on my 3.5 example.Any links to complete ASP.NET 3.5 login, register web app examples would be great?!
View 2 Replies
Jan 12, 2010
I have a web page where I am denying anonymous users from accessing. In the web site I have a folder called FileManager. In the web app the usres have the ability to uploaded files and when they do a folder gets created under the filmanger and the files are saved. I have created a web.config in this folder that denies anonymous users. The problem is if the user knows the directory structure they can type in the url of the site add /FilManager/x/x/NameOfFile, where x are the sub directories. If the file is an image it shows the image in ie, if it is a .xls or .doc or what ever they get the prompt to either download or save the file. What am I doing wrong. Will the web.config file not stop an anonymous user from access files? I put a webpage in the folder and it is blocked and the user gets sent to the login screen, but files seem to be unsecured.
How do I block anonymous users from being able to access the files in this folder?
View 4 Replies
Mar 11, 2011
I am creating an application hosted on GoDaddy.com. The base files are kept in a folder called /sky while the Admin files and User files are kept in /sky/Admin and /sky/User respectively. I'm having difficulty configuring the security so that when a user tries to access Admin or User files they should be redirected to the login.aspx file in the /sky folder. I keep getting an error that its trying to access sky/sky/login.aspx instead of just sky/login.aspx.
Here are the relevant sections of my web.config file.
<?xml version="1.0"?>
<configuration>
...
<location path="sky/admin">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="user">
<system.web>
<authorization>
<allow roles="Admin,User" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<customErrors mode="Off" />
<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" />
</authentication>
...
</system.web>
...
</configuration>
Can someone point me to articles or provide assistance with the proper configuration?
View 3 Replies
Jul 22, 2010
I created a soultion and used membership for login and I have the site working fine you can log in and out and I can see that my roles are working. I created a folder called Admin and I created a webpage in there that I can edit my data table that I wanted to be able to edit when I am logged in as a user with Admin role thats working... well it works...
anyone can get to this webpage and edit my data. I have it set in the membership using the role managment to deny users * and allow users with Admin role however I can open up a new browser with out login into my site and type in the web information and it pops right up says Welcome:Guest [LOGIN] theres my data and I can edit it see do whatever and this page shouldn't be able to be seen.
What did I do wrong?
example www.domainname.com/admin/editmydata.aspx
View 3 Replies
Mar 18, 2011
Is it possible to add some security rules for files inside a folder with session value, as with impersonate settings in a config.web file? Right now i restrict my pages with sessions value, but can't obviously not do it for downloaded file like .zip, .doc, .ppx etc.
View 9 Replies
Jan 12, 2010
I need to provide security confirmation image generator for registering purpose on my website. it should show each time different numbers or letters or combination of them.
View 2 Replies
Nov 10, 2010
I develop one application that create folder with special permission.
It works, but when I install the application on server I can't set any permission.
I think because it needs domain admin to set this permission... I've one account of one domain admin but how can I do to impersonate when the application set (try to set...) the permission ?
View 2 Replies
Jan 7, 2011
My Microsoft Access DB file is in APP_DATA folder. my server is Windows 2003 and I like to know how is the best way to protect this file.
so which one is safer ?
./wwwroot/App_data/Database.mdb
or
./db/Database.mdb
View 2 Replies
Nov 28, 2010
I am trying to access a shared folder which is located on a different server rather than on the asp.net server.
I configured windows authentication and set impersonation to true. Also try with enable/disable basic authentication.
I have tried the following:
with a mapped driveshared folder access (\sharedfolder)virtual directory pointing to shared folder with pass through configuration. However none of the above works. I am getting "Access Denied" error when trying with shared folder and virtual directory. In the case of mapped drive getting "Not Found" error.
View 4 Replies
Jan 23, 2010
[Code]....
Trying to restrict access to folder but can't?
View 6 Replies
Jan 24, 2010
i have asp.net 2.0 web site and in the main root i have some secure pages so if any unauthenticated user try to visit my page the browser redirect him to login.asp page (it was correct) but in my web i have subfolder named (Admin) and i want to secure all pages under this folder and redirect any user to new login page. how can i do it?
View 7 Replies
Nov 30, 2010
Ever since I enabled asp.net authentication my .jpg (mypic.jpg) from folder Pics do not show up. What am I doing wrong?
[Code]....
<
img
align="right"
alt=""
src="Pics/mypic.jpg"
View 2 Replies
May 31, 2010
I created a website with a file manager where the client can upload, delete, preview etc. This works fint but the problem is that the folders where the files are going to be saved will be on another server. I am testing this locally for now but will deploy it once finished
I setup my website in the IIS. Created a 'Virtual Directory' and linked the directory to a folder in my 'C://'. The virtual Dir path is "~/upload" but when i user Server.Mappath() it gives me "C:/inetpub/wwwroot/website/upload" insted of the actual dir path "C:Documents and SettingsUserMy DocumentsVisual Studio 2008WebSitesWebsiteuploads"
View 6 Replies
Dec 16, 2010
In my website I have a page to upload files. It works fine when I run the website on my local machine and also in visual studio in the server. But, I cannot upload files when I access the website through the browser. I have given all the pemissions I know to the upload folder like - ASPNET, Network Service and IUSR. I am using IIS 6. It is a dedicated hosting. I can access all the pages, but only the upload does not upload files to the folder and it goes to the error page (but I don't know what is the error).
View 1 Replies
Mar 24, 2011
I am maintaining an ASP website and the users want to be able to click on a link that open up a folder where they could select which file they want from within that folder.
I tried to making a link with the tag <a href=[folderpath]>Text</a> but I can a 403 HTTP error saying that the website requires a login for this action. Is there some way that I could send the person's credentials along with the request so the folder can be opened?
View 2 Replies
Feb 5, 2010
I'm trying to get a website that has anonymous authentication for most of the site, but windows authentication for a sub folder.I've turned off anonymous access in IISEnables basic or Integrated authentication (tried both)Used this in web config to give all users access to main site
<authentication mode="Windows" />
<authorization>
<allow users="*" />
</authorization>
Then this to restrict a location to authentication
<location path="thefolder">
<system.web>
<authorization>
[code]...
View 1 Replies
Jun 16, 2010
I've developed a file browser that will browser a different server shared folder. In order to get this working I'm using the unc path (\ServerSharedFolder) to return the files/folders. I've also added the following to my webconfig to get around the security <identity impersonate="true" userName="domainadmin"
password="password" />
It's simply a file browser, no create or delete functions will occur. The solution works and what I want to know is that this the safest way to do this? or the best way? I did try to use a virtual directory instead of unc path but asp.net would support this.
View 1 Replies
Jan 28, 2010
I have a folder that cannot be accessed by anyone except the management role of my web site. But, I added a folder to this and it can be accessed by anyone.
Of course, I can explcitly set the access to only a specific role(s) but I would like to know if I can tell set it so that even folders nested inside a restricted folder can take on the same permissions settings as the folder in which it is nested.
View 3 Replies
Jul 6, 2010
How can i decide wich images can be viewed and witch cannot?
Is it possible to keep all the files in one folder but programaticaly decide wich ones can be seen?
I dont want the user to be able to navigate and browse the folder with all the images, but i want some images from the folder to be viewable for anonymous users.
View 3 Replies
Dec 17, 2010
I am doing Search functionality for my website. For this purpose I am using Lucene.net search files and dlls in my web application. There are 2 folders get created in web application namely 'index' and 'cache'. These files contains crawled pages of my website. Search pages searches these two folders for searching. This application is run with no error on my local server. but when i upload these folders and these search pages on my server and search it will show error.
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Previously I found that this error is due to Medium trust level of server.
I checked this error on my Local by setting my local server trust level as Medium and on my local it was showing same error. so i made change in my code, after that its working on my local with Medium trust level as well. But on my web server it still gives same error. So what changes should i make in my app so that it will run in Medium trust level.
View 5 Replies
Jan 4, 2010
I am building an ASP.NET 3.5 Web Application and I am NOT using the membership provider for security. In the application I have a role named Admin and all the files for this role are inside the Security folder in the project. Currently for all the pages inside the security folder I am checking to see if the logged in user's role is an Admin or not. This to me seems very redundant, can do something like "If the user is requesting a page inside the security folder then check his role".
View 1 Replies
May 3, 2010
how can we set grant or dynie access or permissions to folder by programming c# in asp.net?
View 5 Replies
Jan 16, 2011
I want to remove execution permission for one folder in the site.
For example:-
I uploaded files to one folder called "Downloads" .
so, user can download those file just browsing "http://localhost/downloads/uploadfile.wmv". But problem is once user uploaded ASPX page (default.aspx). then user can browse like this http://localhost/downloads/default.aspx". In that, if he wrote so code for removing files..!. So, I don't want to run the script in this folder, I just want to show that file as text output.
Note:- This I can handle by using my own code to display files(ASPX, ashx and ....). But, I want to allow the user to access directly to that file.
View 8 Replies