This is really a couple of questions about preventing unauthorized attempts to access a specific file type. Here go the questions:How do I prevent users from directly requesting a type of file? Do I write an HTTP handler?After preventing a direct download, can my app still explicitly serve that file type? How?
View 1 RepliesAt the moment in my ASP.NET webApp I have some resources such as some .pdf files or pictures in specific folder in the host . If any user know the URL of those files can access them from the browser , How can i manage access or ban anonymous user from those files ?
View 2 Repliessuppose we have a example.exe file. we first put that file in a new folder and then zip that folder with any zipping software, Can we prevent that zipped folder upload in a website?
how can we do that?
For a church website I'm managing, there is a need to place audio files (sermons) on the website. There will be two categories of audio files; one will be a sample size of the audio file, around 5 minutes in length. The other will be the full-length of the sermon (30-50 +/- minutes).
I have decided the best setup would be to place the audio files on the server. I would then store the audio information, as well as the path to the audio file, in a database. I had thought about placing the audio files in the database as a BLOB, but it seemed inefficient. My concern, is with tools like Mozillza plug-in "Download Helper" , it is so easy to simply grab the media files off the server. This would not be a big deal, except we want to sell the full-length audio files. I am running ASP.NET 3.5 on IIS 7.
i am building a member management site for a sports club, i have all the usual feilds
lastName, firstName, address1, address2, address3 ....
but they also want a photo
when i first made the DB i used access 2010 which uses the 2007 file type which supports attachments, however asp.net doesnt support the 2007 format. and the 2003 file type doesnt support attachments, i assume i use the OLE object data type but i have no idea how i get my aspx page "new.aspx" to upload an attachment. plus i want to restrict the file type to *.jpg
Setting the .Net trust level to Medium on a site will ensure that no code can access files outside the application directory.
I have an ASP.Net site that must run in Full Trust. I have configured my website in IIS to use its own Application Pool Identity [URL].
Currently it is possible for scripts/code in this app to read files outside of the application directory. This occurs because by default, accounts that are a member of the BUILTINusers group are able to read most files on the system, including c: and c:windows. It appears that Applicaion Pool Identity accounts are also members of BUILTINusers.
Is it possible to prevent file access outside the website folder while keeping Full Trust?
My code can be found here http://stackoverflow.com/questions/3604864/c-asp-net-ftp-error I am trying to download a file from an FTP server when I try to download it it says I do not have access I have been googling this all morning and have not had any luck. I went to the designated folder and added Everyone with full permissions hoping I was missing a user and that did not work. I tried giving full permissions to myself, Anonymous user, network service, and a few other users that I have found. I have tried using
<identity impersonate="true" /> and
<identity impersonate="true" userName="myfullusername" password="mypassword"/>
I am still not having any luck the full error I get is:
System.UnauthorizedAccessException: Access to the path 'C:UsersmynameDocuments' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath)
I have developed an application in ASP.NET 3.5 which utilizes the Membership and Roles Providers and Forms Authentication to manage user access and profiles.
There are various area's of this application that are only to be used by an admin users whom login using their email and password and the rest of the users log in using their telephone number and password via their iPhone.
For simplicities sake, I would like to have two different login pages, one that is formatted for the iPhone and performs the correct validation for users adding a telephone number and the other for the application administrators.
I want to redirect the user to their respective login page based on which folder they are attempting to access. For example say I have an application structure like this
/Admin
/Couriers
/Customers
/Whatever
Default.aspx
iPhoneLogin.aspx
adminLogin.aspx
Web.config
I want to be able to redirect users who go to [URL]/Whatever to iPhoneLogin.aspx and users to go to [URL]/Admin to adminLogin.aspx
I am working with Staff Images and Staff Dependants Images (photos) and I have to deal with such images among Adobe LiveCycle Forms, File System JPEG Format, Storing them in SQL Server, and finally, displaying them in regual web forms (ASPX).
In order to have the most reasonable and flexible desing, I did the following to:
1. Load the image from predefined location defined in web.config.
2. Convert the images to Memory Stream,
3. Convert the images to Base64 format,
4. Convert the image to XML Node.
In web.config, I defined the following:
[Code]....
I load the Staff Photo into Memory Stream as follows:
[Code]....
And I create the Base64 XML Node as follows:
[Code]....
As a matter of fact, all above is working 100% correctly while dealing with Adobe LiveCycle Form, for Loading and Saving Imgaes from/to PDF.
The above method will allow me to finally save images to SQL Server field type varbinary(max) and also into File System as regular image files. Also, I have full security and control over the images, becuase the above method will allow me to have full control for who is authorized to get/view the images. The end-user does not have direct access to where the images are stored.
How to use the above method to display the image on a regular ASPX Web Page using Image Server Control ? I do not want to use the src='path to image file', I want to be able to push the image content/binary to the IE without providing a link to the image file, how I can do this ?
My objective is to prevent the user from having direct access to the image files from the Browser.
[Code]....
Unauthorized: Access is denied due to invalid credentials.
I'm setting up a new site on a new server. I created the site in the IIS manager and pointed it to my site directory. But, I now receive this error each time I try to navigate to the site.
I didn't receive this error on the other server, so I'm a little confused. I looked this up, but most of the information I've found is about configuring the users that people have setup. But, this site won't be secured like that. No one will need to log in.
I have been struggling with an issue that sounds like it should be quite common but I can't seem to get the thing working no matter how much I research it!
I am using an AJAX file uploader to upload files (up to 100MB) to the webserver and when the user clicks a button to complete navigate to the next page, I then attempt to move the files off the webserver onto a file server on Page_Load. Both servers are WinServer 2003. There just isn't enough space on the webserver to hold all the uploads once we go live with this solution so I have to get the files off the webserver.
Uploading the file and creating a new subdirectory on the webserver (to hold the file) works no problem at all. When I do the file copy to our file server locally on VS2008, again, no problem. However, when I delopy to the live server and try the same thing, the upload happens ok, but the file copy does not. I get an UnauthorizedAccessException. I don't have access to the webserver myself (but can request it if absolutely necessary) and our file server sits within the same domain (Active Directory).
I do not want to use Impersonation at a high level (web.config), so I tried it programmatically for the purposes of the copy file but it did not work. I used one of our general clerical accounts to pass in the credentials and gave full permission to this account on the file server to create/modify files.
Stack Trace:
[code]...
And the Copy code is:
[Code]....
I am ristrcting access to the Account folder using below:
<location path="Account">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
and access to the Default.aspx using
<location path="Default.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
but how do i restrict access to a specific file in the Account folder rather than the entire folder?
I tried the following but did not work
<location path="AccountChangePassword.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
My Company registered in certain services on the Web and are relying on the company's Ip to use these services, Director asked me to allow some staff to enter these sites from outside the company,after authorized staff enter to comany's site, How could they use the company's Ip to allow them to browse services sites ? Do I need to use a method such as proxy sites like youtube proxy? or there is another way?How do I do this in asp.net?
View 10 RepliesMy Company registered in certain services on the Web and are relying on the company's IP to use these services, Director asked me to allow some staff to enter these sites from outside the company, after authorized staff enter to comany's site. How could they use the company's IP to allow them to browse services sites? Do I need to use a method such as proxy sites like youtube proxy? or there is another way?How do I do this in asp.net?
View 2 RepliesI have my code output a gridview with all the data with an option to select records. I'm trying to make a code which would allow me to select a record, and then print this record using a specific Report stored in MS Access.
I've located the code to print the Report it self, but it prints ether all the records or a range.
I have an acess db which has primal key ID - Customer, and personal data of the customer .
In another db OR the same, to have the username and login of the customers.
I want to make a login form so if u/n & pass of a customer is correct, to have access to modify (insert, delete, update) his data of the db - his ID's only.
I have a list of Controls that are held in a List<Control> and I want to be able to check their type. As my list holds only Controls, doing typeof() isn't going to get me too far, I want to be able to ask if List<Control>[0] is a Checkbox, TextBox, Label, etc.How do I go about finding out what specific type of Control I have in my list?
View 7 RepliesI have ELMAH set up for a webapp, logging exceptions to a SQL server. I wish to have ELMAH send me an email too, but only when a specific exception is thrown (ie. MySpecialException). ELMAH must still log all exceptions to SQL server. I know you can do it programmatically in global.asax, but I'd prefer to use web.config. So, how do I restrict ELMAH error mails to filter out everything but a specific exception type, using web.config? UPDATE The filter ended up looking like this:
<test>
<and>
<not>
<is-type binding="Exception" type="MyApp.MySpecialException" />
</not>
<regex binding="FilterSourceType.Name" pattern="mail" caseSensitive="false"/>
</and>
</test>
I have a data type mismatch while inserting into a number field in an access database using a parameterized query.I think this should be pretty simple but I am still learning a lot.
[Code]....
I have some commented out as I am working one field at a time. The working fields are textboxes and the non working ones are dropdown lists. But I think it may be the field that the list is drawing from? Not sure.
The majority of files in the Temporary ASP.NET File folder for a given application get deleted by ASP.NET following compilation -- .DLL and .PDB files amongst others remain.
Our compiler produces proprietary debug information files which are amongst those that get deleted.
Marking the files read-only prevents this but are there other options available?
Existed MyControl1.Controls.OfType<RadioButton>() searches only thru initial collection and do not enters to children.
Is it possible to find all child controls of specific type using Enumerable.OfType<T>() or LINQ without writing own recursive method? Like this.
I have a gridview with a nested placeholder in each rows. I nested some checkboxes in each placeholders in each rows dynamically, so their ServerIDs are not the same (I dont want to use nested gridview). at the end in a button event I want to count checked checkboxes in gridview while I can not use findcontrol() method in each rows to find checkboxes due to their different ServerIDs.
View 3 RepliesI am creating an app in which i need to parse the documents uploaded by people, they can upload document either of the two types i.e. doc type or pdf type i want to know what are the various methods available to do that and which one is the best among them. iam creating the app in asp.net with c#
View 1 RepliesI use a jQuery script to load data for my website with a asmx file (json webservice). How can I make sure that the webservice only serves data to my script and is not accessible outsite my website?
View 3 Replies