|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Secure files on virtualI am designing a document store. I want user to login and then be able to
download files presented to them in the form of a list of links. Obviously I don't want nonlogged user to be able to see the files over http. I have tried to secure the diectory by mapping the the pdf extension to the aspnet dll and then using the http forbidden handler to stop the files being served up. However when they login via forms authentication the file still remain secured. I have tried removing the http forbidden handler but this allow access without being logged in. Where am I going wrong? I thought you could secure other extensions and then be allowed to access them on succesful login. Chris,
As its name suggests, the HttpForbiddenHandler prevents any access to the file. The StaticFileHandler is probably better choice for your desired outcome. HTH, Nicole Show quoteHide quote "Chris Kennedy" <ck001s7253nospam@bleyonder.co.uk> wrote in message news:OzBwS5mJFHA.1308@TK2MSFTNGP15.phx.gbl... >I am designing a document store. I want user to login and then be able to > download files presented to them in the form of a list of links. Obviously > I > don't want nonlogged user to be able to see the files over http. I have > tried to secure the diectory by mapping the the pdf extension to the > aspnet > dll and then using the http forbidden handler to stop the files being > served > up. However when they login via forms authentication the file still remain > secured. I have tried removing the http forbidden handler but this allow > access without being logged in. Where am I going wrong? I thought you > could > secure other extensions and then be allowed to access them on succesful > login. > > Can't I just have the server serve them up when they login successfully?
Show quoteHide quote "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:eSBagDnJFHA.2648@TK2MSFTNGP14.phx.gbl... > Chris, > > As its name suggests, the HttpForbiddenHandler prevents any access to the > file. The StaticFileHandler is probably better choice for your desired > outcome. > > HTH, > Nicole > > > "Chris Kennedy" <ck001s7253nospam@bleyonder.co.uk> wrote in message > news:OzBwS5mJFHA.1308@TK2MSFTNGP15.phx.gbl... >>I am designing a document store. I want user to login and then be able to >> download files presented to them in the form of a list of links. >> Obviously I >> don't want nonlogged user to be able to see the files over http. I have >> tried to secure the diectory by mapping the the pdf extension to the >> aspnet >> dll and then using the http forbidden handler to stop the files being >> served >> up. However when they login via forms authentication the file still >> remain >> secured. I have tried removing the http forbidden handler but this allow >> access without being logged in. Where am I going wrong? I thought you >> could >> secure other extensions and then be allowed to access them on succesful >> login. >> >> > > Depends on what you mean by "serve them up" and whether you really want to
block access to non-authenticated users. Have you tried using the StaticFileHandler instead of the HttpForbiddenHandler? If so, in what way(s) did the observed behaviour differ from your preferred behaviour? Show quoteHide quote "Chris Kennedy" <chrisknospam@cybase.co.uk> wrote in message news:O6cB%23uHKFHA.1280@TK2MSFTNGP09.phx.gbl... > Can't I just have the server serve them up when they login successfully? > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message > news:eSBagDnJFHA.2648@TK2MSFTNGP14.phx.gbl... >> Chris, >> >> As its name suggests, the HttpForbiddenHandler prevents any access to the >> file. The StaticFileHandler is probably better choice for your desired >> outcome. >> >> HTH, >> Nicole >> >> >> "Chris Kennedy" <ck001s7253nospam@bleyonder.co.uk> wrote in message >> news:OzBwS5mJFHA.1308@TK2MSFTNGP15.phx.gbl... >>>I am designing a document store. I want user to login and then be able to >>> download files presented to them in the form of a list of links. >>> Obviously I >>> don't want nonlogged user to be able to see the files over http. I have >>> tried to secure the diectory by mapping the the pdf extension to the >>> aspnet >>> dll and then using the http forbidden handler to stop the files being >>> served >>> up. However when they login via forms authentication the file still >>> remain >>> secured. I have tried removing the http forbidden handler but this allow >>> access without being logged in. Where am I going wrong? I thought you >>> could >>> secure other extensions and then be allowed to access them on succesful >>> login. >>> >>> >> >> > > 
Other interesting topics
Error from CAS Config util
Newbie error on output Running programs located on server why i get UnauthorizedAccess Exception? best practice for encrypting in app Single-sign-on .NET GUI to J2EE server Assymetric encryption - building an interopable solution that works with .NET/Java/OpenSSL error when I use AES with CAPICOM Windows Control Library call to Web Service over LAN fails Security Token: connect as |
|||||||||||||||||||||||
