How to secure files and directories in asp.net

Atif Iqbal · Atif Iqbal

Hi,

How can i secure files and directories in asp.net ..... i'm using form based
authentication to secure my asp.net pages but when any user directly access
(directly type url address in the webbrowser.) any other file like perl or
any text file in my application directory it allows user to access that file
.. how can i secure my directories and other files from being access.

TIA

atif

Jim Cheshire [MSFT] · Jim Cheshire [MSFT]

Atif,

ASP.NET Forms authentication will only secure content that is processed by
the aspnet_isapi.dll. If you need to replace other static file types (such
as text files), you can do that by mapping them to the aspnet_isapi.dll,
but you'll want to test that fully before deploying it to production apps.
For perl files, you're out of luck because they have to be processed by the
perl engine.

You can also consider having an ASP.NET page that redirects to the URL that
is passed to it. If the user is not authenticated via Forms auth, the
request will be denied. If they are, it will be accepted and your ASP.NET
page can redirect to the correct URL.

There are many approaches to this problem.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
[email]jamesche@online.microsoft.com[/email]

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------

>From: "Atif Iqbal" <iatif@hotmail.com>
>Subject: How to secure files and directories in asp.net
>Date: Thu, 1 Apr 2004 11:33:24 +0500
>Lines: 13
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <u2Z7DN7FEHA.1912@TK2MSFTNGP10.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>NNTP-Posting-Host: lhr63.pie.net.pk 202.125.147.222
>Path:

cpmsftngxa06.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTF EED01.phx.gbl!TK2MSFTNGP08
..phx.gbl!TK2MSFTNGP10.phx.gbl

>Xref: cpmsftngxa06.phx.gbl

microsoft.public.dotnet.framework.aspnet.security: 9466

>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>Hi,
>
>How can i secure files and directories in asp.net ..... i'm using form

based

>authentication to secure my asp.net pages but when any user directly access
>(directly type url address in the webbrowser.) any other file like perl or
>any text file in my application directory it allows user to access that

file

>. how can i secure my directories and other files from being access.
>
>TIA
>
>atif
>
>
>

Atif Iqbal · Atif Iqbal

Thanx for ur reply

but there must be a way to secure directories in asp.net .
can u plz guide me how to secure my directories so that no one can access my
directories
without an appropriate previliges. response.redirect is not the solution
i've used server.transfer
but it does not support perl files...

TIA
Atif

"Jim Cheshire [MSFT]" <jamesche@online.microsoft.com> wrote in message
news:GFkbWLCGEHA.1996@cpmsftngxa06.phx.gbl...

> Atif,
>
> ASP.NET Forms authentication will only secure content that is processed by
> the aspnet_isapi.dll. If you need to replace other static file types

(such

> as text files), you can do that by mapping them to the aspnet_isapi.dll,
> but you'll want to test that fully before deploying it to production apps.
> For perl files, you're out of luck because they have to be processed by

the

> perl engine.
>
> You can also consider having an ASP.NET page that redirects to the URL

that

> is passed to it. If the user is not authenticated via Forms auth, the
> request will be denied. If they are, it will be accepted and your ASP.NET
> page can redirect to the correct URL.
>
> There are many approaches to this problem.
>
> Jim Cheshire, MCSE, MCSD [MSFT]
> ASP.NET
> Developer Support
> [email]jamesche@online.microsoft.com[/email]
>
> This post is provided "AS-IS" with no warranties and confers no rights.
>
> --------------------

> >From: "Atif Iqbal" <iatif@hotmail.com>
> >Subject: How to secure files and directories in asp.net
> >Date: Thu, 1 Apr 2004 11:33:24 +0500
> >Lines: 13
> >X-Priority: 3
> >X-MSMail-Priority: Normal
> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> >Message-ID: <u2Z7DN7FEHA.1912@TK2MSFTNGP10.phx.gbl>
> >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
> >NNTP-Posting-Host: lhr63.pie.net.pk 202.125.147.222
> >Path:

>

cpmsftngxa06.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTF EED01.phx.gbl!TK2MSFTNGP08

> phx.gbl!TK2MSFTNGP10.phx.gbl

> >Xref: cpmsftngxa06.phx.gbl

> microsoft.public.dotnet.framework.aspnet.security: 9466

> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
> >
> >Hi,
> >
> >How can i secure files and directories in asp.net ..... i'm using form

> based

> >authentication to secure my asp.net pages but when any user directly

access

> >(directly type url address in the webbrowser.) any other file like perl

or

> >any text file in my application directory it allows user to access that

> file

> >. how can i secure my directories and other files from being access.
> >
> >TIA
> >
> >atif
> >
> >
> >

>

Jim Cheshire [MSFT] · Jim Cheshire [MSFT]

Atif,

You have to remember that if you are trying to have an ASP.NET specific
feature protect your content (a feature such as ASP.NET Forms
authentication), it's only going to work for resources that are parsed
through the ASP.NET ISAPI filter. If ASP.NET does not process the request,
it cannot control access to the resource.

Because of this, you are going to have to use NTFS permissions or some
other authentication method that you devise to control access to your
resources.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
[email]jamesche@online.microsoft.com[/email]

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------

>From: "Atif Iqbal" <iatif@hotmail.com>
>References: <u2Z7DN7FEHA.1912@TK2MSFTNGP10.phx.gbl>

<GFkbWLCGEHA.1996@cpmsftngxa06.phx.gbl>

>Subject: Re: How to secure files and directories in asp.net
>Date: Fri, 2 Apr 2004 11:29:34 +0500
>Lines: 83
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <#wYyjvHGEHA.1240@TK2MSFTNGP10.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>NNTP-Posting-Host: lhr63.pie.net.pk 202.125.147.222
>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP10.phx.gbl
>Xref: cpmsftngxa06.phx.gbl

microsoft.public.dotnet.framework.aspnet.security: 9485

>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>Thanx for ur reply
>
>but there must be a way to secure directories in asp.net .
>can u plz guide me how to secure my directories so that no one can access

my

>directories
>without an appropriate previliges. response.redirect is not the solution
>i've used server.transfer
>but it does not support perl files...
>
>TIA
>Atif
>
>
>
>"Jim Cheshire [MSFT]" <jamesche@online.microsoft.com> wrote in message
>news:GFkbWLCGEHA.1996@cpmsftngxa06.phx.gbl...

>> Atif,
>>
>> ASP.NET Forms authentication will only secure content that is processed

by

>> the aspnet_isapi.dll. If you need to replace other static file types

>(such

>> as text files), you can do that by mapping them to the aspnet_isapi.dll,
>> but you'll want to test that fully before deploying it to production

apps.

>> For perl files, you're out of luck because they have to be processed by

>the

>> perl engine.
>>
>> You can also consider having an ASP.NET page that redirects to the URL

>that

>> is passed to it. If the user is not authenticated via Forms auth, the
>> request will be denied. If they are, it will be accepted and your

ASP.NET

>> page can redirect to the correct URL.
>>
>> There are many approaches to this problem.
>>
>> Jim Cheshire, MCSE, MCSD [MSFT]
>> ASP.NET
>> Developer Support
>> [email]jamesche@online.microsoft.com[/email]
>>
>> This post is provided "AS-IS" with no warranties and confers no rights.
>>
>> --------------------

>> >From: "Atif Iqbal" <iatif@hotmail.com>
>> >Subject: How to secure files and directories in asp.net
>> >Date: Thu, 1 Apr 2004 11:33:24 +0500
>> >Lines: 13
>> >X-Priority: 3
>> >X-MSMail-Priority: Normal
>> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>> >Message-ID: <u2Z7DN7FEHA.1912@TK2MSFTNGP10.phx.gbl>
>> >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>> >NNTP-Posting-Host: lhr63.pie.net.pk 202.125.147.222
>> >Path:

>>

>cpmsftngxa06.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFT FEED01.phx.gbl!TK2MSFTNGP0

8

>> phx.gbl!TK2MSFTNGP10.phx.gbl

>> >Xref: cpmsftngxa06.phx.gbl

>> microsoft.public.dotnet.framework.aspnet.security: 9466

>> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>> >
>> >Hi,
>> >
>> >How can i secure files and directories in asp.net ..... i'm using form

>> based

>> >authentication to secure my asp.net pages but when any user directly

>access

>> >(directly type url address in the webbrowser.) any other file like perl

>or

>> >any text file in my application directory it allows user to access that

>> file

>> >. how can i secure my directories and other files from being access.
>> >
>> >TIA
>> >
>> >atif
>> >
>> >
>> >

>>

>
>
>

How to secure files and directories in asp.net

Thread Tools

Display

How to secure files and directories in asp.net

Similar Questions and Discussions

Secure PDF's merged into 1 document from 2 different Secure Files, possible?

Upload files and directories

including files in other directories

how to rename 200 files in many sub-directories?

Comparing directories and files

RE: How to secure files and directories in asp.net

Re: How to secure files and directories in asp.net

Re: How to secure files and directories in asp.net

Posting Permissions