Security :: Cannot Access Subfolder Files In Secured Folder
Mar 7, 2011
My restricted files are all stored in ~/Secured folder on the root. Authorized users have no trouble accessing aspx files in that folder. Recently I added a part of an application whose files I wanted to keep separate and created a ~/Secured/HR folder. I am getting a "resource not found" error trying to use any aspx file in HR folder even after user successfully logs in, as if the file does not exist at all. Here is my web.config security settings:
Do I need to configure security for that folder separately?
Jun 11, 2010
I set up a secured folder in my website. When I access this folder via web page, it pop up a windows login form to ask for user name and password. I would like to code the page or java script to access this secured folder with username and password without pop up the login form. find the method for page accessing the secured folder automatically.
Oct 26, 2010
In my project I have a website that has 2 sides, the client side and the management side. Everything is completed and works fine.
My idea was to place the management files in a separate folder ( the problem is that when I moved the files it could not compile because my admin pages inherit from a class in the app_ folder and looks like it cannot access it.
I wanted to compile the files in the app folder into a DLL but when I try, it gives me a error in the namespace System.Web.UI.Security and the WebControls ns...
How can I access my classes if my files reside in a subfolder within the same application. If I take the files out of the subfolder everything works fine
Aug 11, 2010
I have a folder with username and password over it.I wanna make a page where i can access files under that folders in .net and be able to download them.How to code that in
Jan 29, 2010
I have a web app, which contains a folder Uploads, to which users (authenticated) upload their files (for some reason it has to be a folder in the root of the web app).I want to deny access to this folder and files to all non-authenticated users.
In my web.config I have:
and everything seems to work in development, but on a staging server it redirects non-authenticated users to login page ONLY from aspx pages, but not when entering the url to the file in Uploads folder.
Jun 16, 2010
I have a folder with png images that are not shared or public (the folder is outside my application folder). Now I want my users to be able to view thoose images only if they are logged in (different users, different images). All images have a name that correspond to the users id. My idea is to stream thoose images into the asp:Image control, is that possible? How do I do that? Other (better) solutions?
Jul 1, 2010
I was following the tutorials from this two sites:
Following the first site, it had worked but when I´ve moved the pages and files to other folders and set the web.config file on this folder, now it won´t work at all!!!
The file is an *.swf object. I did put the asapi.dll to map the extension on the website root, I´ve put the
on the web.config new folder and on the web.config website´s root.
It won´t work!!! I can access the file directly!!! on the web.config of the folder that contains the file, there is a <deny users="*" /> line.
Apr 21, 2010
I currently have a dedicated server running a number of sites, one of these sites I would like to add a subfolder to which runs a seperate index.html file, so effectively it looks like a different site.
I am struggling to acheive this, can anybody give me the steps involved to make this happen?
To clarify, i have a web address for example and would like users to browse to and open up a sub folder.
Jun 14, 2010
I need to restric access to my admin folder to certain people. Those with no authentication ticket should be redirectered to a "not allowed page". How do I identify all pages in my admin folder. I have so far but is it OK?
If url.Contains("/admin") Then
'If authentication ticket incorrect then
End If
And not, I cannot use my web.config for this particular issue.
Feb 16, 2011
I've got an application (written in I have a results page that spits out some calculations. Ineed to write out that output to MS Word. The catch is, this happens within a folder that is secured (only users that are logged in can generate
the word document).
Here's what I'm using to gen the document. This works ok when running it locally, but not when loaded to GoDaddy hosting.
My code seems works fine locally. However, after loading it to GoDaddy it only works on a non-secured (not subject to ASP Membership), but when trying to use it in a secured folder the page clocks and eventually closes out.
Feb 25, 2010
I have a single project. and I have two folder in it. In the 1st folder I have a class named Class1 and in the 2nd folder I have a class named Class2. Can anyone tell me how I can access members of Class1 in Class2. I have tried by adding namespace in Class1 and Using that namespace in Class2. But it is giving error. It is easy to access classes or their members from App_Code folder. I don't want to put my classes in app_code folder.
Dec 16, 2010
In my website I have a page to upload files. It works fine when I run the website on my local machine and also in visual studio in the server. But, I cannot upload files when I access the website through the browser. I have given all the pemissions I know to the upload folder like - ASPNET, Network Service and IUSR. I am using IIS 6. It is a dedicated hosting. I can access all the pages, but only the upload does not upload files to the folder and it goes to the error page (but I don't know what is the error).
Apr 27, 2010
try to provide solution.I am developing one web application using 3.5 and my application i have to read files(Flat files stored in folder) in remote server which is located at another to do i can read &retrieve from local area.
i have that server host address,UID and Passwrd also how to access that files from remote server.
Jul 6, 2010
How can i decide wich images can be viewed and witch cannot?
Is it possible to keep all the files in one folder but programaticaly decide wich ones can be seen?
I dont want the user to be able to navigate and browse the folder with all the images, but i want some images from the folder to be viewable for anonymous users.
Jan 4, 2010
I am building an ASP.NET 3.5 Web Application and I am NOT using the membership provider for security. In the application I have a role named Admin and all the files for this role are inside the Security folder in the project. Currently for all the pages inside the security folder I am checking to see if the logged in user's role is an Admin or not. This to me seems very redundant, can do something like "If the user is requesting a page inside the security folder then check his role".
Sep 16, 2010
I have secured some files on my webserver by putting them into the App_Data folder in the root (I do not have the option to secure folders using the ASAPI filter)The user gets access to these files by requesting them through a handler, fx. by requesting ~/Handler.ashx?file=App_Data/MySubFolder/MyFile.jpgNow, I want to make all the content in a specific folder called "Members" (a single subdirectory of the App_Data folder) available only by passing a specific password. That is by requesting ~/Handler.ashx?file=App_Data/MySubFolder/MyFile.jpg&password=xxxxIn my Handler.ashx I have written some logic seeking if InStr(context.Request.QueryString("file"), "Members") = 0 before sending the file.If inStr <> 0 a password is required.Is this a good way to secure a folder in and its content? Is there a way of getting access anyway, like using some kind of "sub-directory" line in the path (the same way as you can request parent directory by using "../../Myfile.jpg)? I know there will be a problem if someone fx. legitimately tries to access the file App_Data/Members.jpg
Apr 15, 2010
I've got a folder in my project on a live webserver, called "admin" with a file in it called "default.aspx". Now, I cannot access this folder like this: [URL] however, if I put a slash at the end, it works fine: [URL]
or, this works fine, too: [URL]
Jun 24, 2010
I am using URL routing in application (not MVC) . I have Admin folder in my aaplication which has admin related aspx pages with seperate web.config. I have seperate login form for admin users which is placed in admin folder itself. My issue is whenever I hit [URL] (which I want to go to login form for admin)- it tries to authenticate and goes to login url mentioned in web.config of root folder.
Note: Admin folder has anonymous access in root config file. Also I have set default document in config of Admin folder. I have added following line in global.asax so that routing doesnt work for files in admin folder;
I am really confused what is the issue? What I am missing?
Nov 28, 2010
I am trying to access a shared folder which is located on a different server rather than on the server.
I configured windows authentication and set impersonation to true. Also try with enable/disable basic authentication.
I have tried the following:
with a mapped driveshared folder access (\sharedfolder)virtual directory pointing to shared folder with pass through configuration. However none of the above works. I am getting "Access Denied" error when trying with shared folder and virtual directory. In the case of mapped drive getting "Not Found" error.
Jan 23, 2010
Trying to restrict access to folder but can't?
Jan 28, 2010
I have a folder that cannot be accessed by anyone except the management role of my web site. But, I added a folder to this and it can be accessed by anyone.
Of course, I can explcitly set the access to only a specific role(s) but I would like to know if I can tell set it so that even folders nested inside a restricted folder can take on the same permissions settings as the folder in which it is nested.
May 3, 2010
how can we set grant or dynie access or permissions to folder by programming c# in
Jun 18, 2010
At first I got an error that the user did not have permission to read the config file (web.config).
So I gave NETWORK SERVICE and IIS_IUSRS read on the website folders.
But now vistors can not access images and other static content from the Content folder without logging in. Aspx and .ashx content works however static content is redirected to the login page.
May 27, 2010
I wrote a web service sometime back, and uploaded to one of our network Server's IIS. The webservice needs to access a network folder, which was working perfectly fine till a month ago. Now, when we use the webservice in our .Net application, it fails with the exception message "Access to the path '\<networkMachine ><Folder >' was denied" (may be some group policies changed). But when I run the webservice from my local machine's Visual Studio debugger, it can access that folder. What could be different on the server's IIS w.r.t. my service? Why was it able to access the network folder before but not now? Please note that I can manually access that shared network folder from my machine, and also when I remote desktop to that <networkMachine> from windows explorer.
I saw in the task manager on the server that the IIS process w3wp.exe is running under 'NETWORK SERVICE' account. Though the network folder is not shared specifically with this account, but that has given read & execute access to 'Everyone'. Then what is the problem that it cannot access the folder. By accessing I mean creating a 'DirectoryInfo' object of the path '\<networkMachine ><Folder >' and reading all the subfolders -
just read.
Mar 8, 2011
I've read the tutorials about Forms authentication and one question still remains:
How to declare a page as one which needs authorization for viewing it ?
I can think of two methods -
1. Checking in that page itself and then redirecting to login.aspx
2. Declaring it in web.config somehow
