Security :: Securing Files Using Handler And App_Data Folder?
Sep 16, 2010
I have secured some files on my webserver by putting them into the App_Data folder in the root (I do not have the option to secure folders using the ASAPI filter)The user gets access to these files by requesting them through a handler, fx. by requesting ~/Handler.ashx?file=App_Data/MySubFolder/MyFile.jpgNow, I want to make all the content in a specific folder called "Members" (a single subdirectory of the App_Data folder) available only by passing a specific password. That is by requesting ~/Handler.ashx?file=App_Data/MySubFolder/MyFile.jpg&password=xxxxIn my Handler.ashx I have written some logic seeking if InStr(context.Request.QueryString("file"), "Members") = 0 before sending the file.If inStr <> 0 a password is required.Is this a good way to secure a folder in and its content? Is there a way of getting access anyway, like using some kind of "sub-directory" line in the path (the same way as you can request parent directory by using "../../Myfile.jpg)? I know there will be a problem if someone fx. legitimately tries to access the file App_Data/Members.jpg
View 15 Replies
Similar Messages:
Apr 1, 2011
I have a number of XSLT files in my ASP.NET Web Application solution. Should these go in the App_Data folder?
The MSDN 'Project Folder Structure' article suggests that the App_Data folder is for 'data files'. As XSLT files are not strictly 'data files' then should they go elsewhere?
I do not want end users to be able to access the XSLT files from their browsers, so App_Data seems like an obvious location for this, but I am not sure.
View 1 Replies
Jan 7, 2011
My Microsoft Access DB file is in APP_DATA folder. my server is Windows 2003 and I like to know how is the best way to protect this file.
so which one is safer ?
./wwwroot/App_data/Database.mdb
or
./db/Database.mdb
View 2 Replies
Oct 30, 2010
The following code is used to add the asp membership tables to an already existing database instead of creating a seperate database for membership and having two databases in the application.
aspnet_regsql.exe -S .SQLEXPRESS -U username -P password -d databsename -A all
It works fine by adding the membership tables to the existing database that is located in the c drive, program files sqlserver folder.
But my database however is not in the c drive but located in my asp website app_data folder, so the above code does not give any error and the tables are not added after I run it. how can I now add the membership tables using the above code when my database is located in the website app_data folder,
View 1 Replies
Feb 12, 2010
I am having problems getting the security.aspx to load up on my primary development computer which is using Windows 7 Ultimate and Windows IE 8. Clicking on the ASP.NET Configuration icon from the IDE in the Solution Explorer within Visual Web Developer 2008 Express Edition loads up default.aspx with no problem. But when I click on the "Security" hyperlink to access "security.aspx" I get a message along the lines of "The configured SQL data source provider is not properly configured". It goes on to state a list of potential reasons for this problem. One that includes not having the proper credentials or permissions. Im almost 100% sure it has something to do with permissions because I can't even get to the "security.aspx" page from opening a new empty project. I have recently installed Visual Web Developer 2008 Express Edition on my laptop which is running Vista with all latest updates and this issue does "not" exists. I can click the "ASP.NET" icon, load up "default.aspx" and click "Security" and it loads the page with absolutely no issues.
I have discovered a weird workaround but I don't like having to do this. If I add the following lines to my "web.config" file from any given project I can get to the "security.aspx" page without getting any SQL messages about improper configuration or permissions.
<<remove "LocalSqlServer">
<add
name="LocalSqlServer"
connectionString="data
source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient"/>
Basically, what I have to do to get to the security page to load without error is add a remove statement and then I just cut'n'paste almost the exact same connectionString from machine.config in the Microsoft.netFrameWorkV2.0.5027config directory. This does away with the "Improperly configured SQL datasource message" and gets me a new error message along the lines of "Could not create a SQL instance". My memory is fuzzy on exact error messages since Im not at development computer right now. However, when I change the User Instance attribute from true to false, then I have success at last.
View 2 Replies
Jun 16, 2010
I have a folder with png images that are not shared or public (the folder is outside my application folder). Now I want my users to be able to view thoose images only if they are logged in (different users, different images). All images have a name that correspond to the users id. My idea is to stream thoose images into the asp:Image control, is that possible? How do I do that? Other (better) solutions?
View 6 Replies
Jul 1, 2010
I was following the tutorials from this two sites:
http://www.15seconds.com/issue/070104.htm
http://aspnet.4guysfromrolla.com/articles/020404-1.aspx
Following the first site, it had worked but when I´ve moved the pages and files to other folders and set the web.config file on this folder, now it won´t work at all!!!
The file is an *.swf object. I did put the asapi.dll to map the extension on the website root, I´ve put the
[Code]....
on the web.config new folder and on the web.config website´s root.
It won´t work!!! I can access the file directly!!! on the web.config of the folder that contains the file, there is a <deny users="*" /> line.
View 4 Replies
Apr 6, 2010
I have a HTTP handler that returns a GeoRSS feed (type of XML) when called. This handler is called from a javascript and the returning xml is consumed directly by a Virtual Earth (bing) map control on the same page. I am Encrypting/Decrypting URL parameters but any one can see the source html, copy the url and get access to the xml feed.Since the call is from javascript how can I prevent unauthorized access to the HTTP handler?
View 2 Replies
Feb 18, 2011
I've noticed that ASP.NET automatically creates an App_Data folder for you whenever you make a new webforms application.
Since all of my data comes from a SQL Server 2005 database server, is there any reason to actually keep this folder?
View 8 Replies
Jan 30, 2011
Pardon if this is a very dumb question, but I was trying to migrate an existing ASP application to asp.net MVC, and followed the procedure from the music store tutorial (http://www.asp.net/mvc/tutorials/mvc-music-store-part-4), which involves adding the
database to the App_Data folder. (I had to restart my machine before it would work, since otherwise, Visual Studio thought the database was being used by another application.)
Now when I check in Windows Explorer, it looks like the database file was literally copied into the App_Data folder, and now I have two mdf files on my hard drive with the same name. What is going on there?
Will my MVC app ignore the original (real) database and use it's own private copy instead? (That would be bad.) Or is the new copy just for reference when using wizards that generate entity classes etc.? If the latter, what is the procedure when the real
database is modified, to update the application code?
View 4 Replies
Dec 16, 2010
In my website I have a page to upload files. It works fine when I run the website on my local machine and also in visual studio in the server. But, I cannot upload files when I access the website through the browser. I have given all the pemissions I know to the upload folder like - ASPNET, Network Service and IUSR. I am using IIS 6. It is a dedicated hosting. I can access all the pages, but only the upload does not upload files to the folder and it goes to the error page (but I don't know what is the error).
View 1 Replies
Apr 23, 2010
I have put a css file in App_Data folder and referrenced it properly in the page to be used. But when I browse the page then it does get loaded and page is shown without styling. Well I know why it is happening because Asp.Net run time blocks access to App_Data folder at run time. But I wanna ask that how we can make it working that is I put the css file in App_Data folder and it still works.
View 8 Replies
Jul 6, 2010
How can i decide wich images can be viewed and witch cannot?
Is it possible to keep all the files in one folder but programaticaly decide wich ones can be seen?
I dont want the user to be able to navigate and browse the folder with all the images, but i want some images from the folder to be viewable for anonymous users.
View 3 Replies
Jan 4, 2010
I am building an ASP.NET 3.5 Web Application and I am NOT using the membership provider for security. In the application I have a role named Admin and all the files for this role are inside the Security folder in the project. Currently for all the pages inside the security folder I am checking to see if the logged in user's role is an Admin or not. This to me seems very redundant, can do something like "If the user is requesting a page inside the security folder then check his role".
View 1 Replies
May 5, 2010
I can see the AdventureWorks MDF file in my Server Explorer window in VS, but when I try to add this database file as an Existing item to my App_Data folder in the Solution Explorer it gives me an error saying that this file is in use. Is it possible for me to add my Adventureworks database to the App_data folder? I am running a 32-bit XP using SQL Server 2005 Express.
View 2 Replies
Oct 12, 2010
How to place a MYSQL database in my ASP.NET site?In what format I produces the file to my APP_DATA database folder to place it.
How to build CONNECTION STRING to database located in APP_DATA.I created a site conncted with a LOCALHOST database.Now I want to import it into my website folder APP_DATA
View 2 Replies
Dec 25, 2010
i need to rename microsoft access database in APP_Data folder using ASP.Net - VB.Net
View 1 Replies
Sep 29, 2010
I have a few questions regarding the "special" ASP.NET folders in Visual Studio web projects.
Adding an App_Data folder in Visual Studio is present, but grayed out in my C# web project, why?
What are the meanings of the various ASP.NET "special" folders?
App_GlobalResources App_LocalResources App_Data App_Browsers Themes - I know this is used to contain stylesheets for a particular theme and is then specified in the web.config or page (if I remember right).
App_Code - Were these classes that were pre-compiled? Do these ASP.NET folders retain their special meaning if you manually create a folder with the same name instead using the "Add ASP.NET Folder" feature in Visual Studio?
View 4 Replies
Dec 5, 2010
When I try to connect to access database from app_data folder of the webform I am getting "Invalid UDL file" .
View 1 Replies
Aug 11, 2010
I have a folder with username and password over it.I wanna make a page where i can access files under that folders in .net and be able to download them.How to code that in VB.net?
View 2 Replies
Mar 7, 2011
My restricted files are all stored in ~/Secured folder on the root. Authorized users have no trouble accessing aspx files in that folder. Recently I added a part of an application whose files I wanted to keep separate and created a ~/Secured/HR folder. I am getting a "resource not found" error trying to use any aspx file in HR folder even after user successfully logs in, as if the file does not exist at all. Here is my web.config security settings:
[Code]....
Do I need to configure security for that folder separately?
View 1 Replies
May 5, 2010
I have 32-bit XP with SQL Server 2005 Express and VS 2008. I have successfully added the Adventureworks DB to my VS website and I can see it from SOlution Explorer, however, the entire DB is attached. How would I only attach a few of the tables and stored procedures from this DB?
View 1 Replies
Apr 20, 2010
An associate wants to store an Access database in the App_Data folder of a website that lives on a local server and write new data to it daily from Microsoft Access on a client computer on the local network.Internet users will access the Access data from the website.
Is it possibe to write to an Access database in the App_Data folder of a website that lives on a local server using Microsoft Access? And also connect and read with ASP.Net?The internet connection is "Read Only".
View 4 Replies
Oct 22, 2010
I'm new to .NET and while starting to learn ASP .NET MVC2 framework I see that you can create a .mdf file inside the App_Data folder and connect to it or you can connect to a SQL Server.What is the difference between these to methods of interacting with a database? What are the advantages/disadvantages of one over the other?
View 1 Replies
Jul 24, 2010
I have web application project and i want to edit aspnetdb Database, but id does not appear in App_Data folder.I even cant see web.config file for subfolerds. When i create web site project in vs, i can see the aspnetdb Database.Vs Version : 2008
View 4 Replies