Ask a Question related to ASP.NET General, Design and Development.
-
Steve C. Orr, MCSD #1
Re: Protect local data files from download?
Just make sure that the extension of the file is unkown to IIS. Give the
file a name like data.xyz or something. Then IIS will never serve it up to
anybody.
--
I hope this helps,
Steve C. Orr, MCSD
[url]http://Steve.Orr.net[/url]
"Steve Brecher" <Steve_Brecher@see.sig.at.end> wrote in message
news:OfJrx%23mQDHA.2432@TK2MSFTNGP10.phx.gbl...it> The Global.asax.vb contains code called from Application_Start that opens
> and reads some data files which in total contain about 35KB. For
> portability of the web application (e.g., to one remote host or another)> seems best to keep this data within the application directory or a
> subdirectory thereof, so that its path can be obtained at runtime via
> HttpContext.Current.Server.MapPath.
>
> Is there a way to allow the web app to open/read the data files but to
> protect them from downloading by the user?
>
> --
> For mail, please use my surname where indicated:
> [email]steve@surname.reno.nv.us[/email] (Steve Brecher)
>
>
Steve C. Orr, MCSD Guest
-
Finding data files in local directory
Say I have a bunch of XML files in the directory with my web app (or in a subdirectory) and I want the app to be able to create a list of all... -
PayPal and Protect Download
Hi all, I would like to setup a page where a customer can download a file they buy using PayPal. But, I want this page to be protected from them... -
Need to download data to local access database
Have a web app (ASP classic) that saves data to an Access database on the web host. Need to come up with some sort of ASP admin tool that will... -
Protect files
Hi, I need to distribute two projects, one on cd and one in a downloadable zip file. Everything is ready to go except for the fact that all... -
Protect FLV files
Hi all, Anyboys knows what is best ways to protect FLV files (flash video files)? Thanks Behzad Peivasteh http://www.e-course.co.jp -
Steve Brecher #2 Re: Protect local data files from download?
"Steve C. Orr, MCSD" <Steve@Orr.net> wrote:
to> Just make sure that the extension of the file is unkown to IIS. Give the
> file a name like data.xyz or something. Then IIS will never serve it upThe extension has been .csv (an Excel file type) and IE6 presents a download> anybody.
dialog. If I change the extension to .xyz or to .steve, IE6 displays the
contents of the file (as it would if the extension were .txt).
opens> "Steve Brecher" <Steve_Brecher@see.sig.at.end> wrote in message
> news:OfJrx%23mQDHA.2432@TK2MSFTNGP10.phx.gbl...> > The Global.asax.vb contains code called from Application_Start that--> it> > and reads some data files which in total contain about 35KB. For
> > portability of the web application (e.g., to one remote host or another)> > seems best to keep this data within the application directory or a
> > subdirectory thereof, so that its path can be obtained at runtime via
> > HttpContext.Current.Server.MapPath.
> >
> > Is there a way to allow the web app to open/read the data files but to
> > protect them from downloading by the user?
For mail, please use my surname where indicated:
[email]steve@surname.reno.nv.us[/email] (Steve Brecher)
Steve Brecher Guest
-
Ken Cox [Microsoft MVP] #3 Re: Protect local data files from download?
Hi Steve,
Just to expand on what Steve Orr said, you might want to use IIS mapping to
prevent .csv files from being served.
Open the IIS applet and open the Properties page for your Web application.
On the Virtual Directory tab, click Configuration (in the Application Settings
area).
On the Mappings tab, create a new entry for .csv and map it the way .config,
..aspx and other .Net extensions are handled.
This forces the .csv extension to use the
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspne t_isapi.dll as its handler.
In the machine.config file, search for the <httpHandlers> section and add this:
<add verb="*" path="*.csv" type="System.Web.HttpForbiddenHandler"/>
When the handler checks the extension, it will refuse to serve it.
You might be able to configure it more locally in the web.config file, not sure
about that.
Does this work for you?
Ken
MVP [ASP.NET]
"Steve Brecher" <Steve_Brecher@see.sig.at.end> wrote in message
news:OfJrx%23mQDHA.2432@TK2MSFTNGP10.phx.gbl...
The Global.asax.vb contains code called from Application_Start that opens
and reads some data files which in total contain about 35KB. For
portability of the web application (e.g., to one remote host or another) it
seems best to keep this data within the application directory or a
subdirectory thereof, so that its path can be obtained at runtime via
HttpContext.Current.Server.MapPath.
Is there a way to allow the web app to open/read the data files but to
protect them from downloading by the user?
--
For mail, please use my surname where indicated:
[email]steve@surname.reno.nv.us[/email] (Steve Brecher)
Ken Cox [Microsoft MVP] Guest
-
Ken Cox [Microsoft MVP] #4 Re: Protect local data files from download?
Right after I explain how to do it, I find that there's a KB article!
HOW TO: Use ASP.NET to Protect File Types
[url]http://support.microsoft.com/default.aspx?scid=kb;en-us;815152[/url]
"Steve Brecher" <Steve_Brecher@see.sig.at.end> wrote in message
news:OfJrx%23mQDHA.2432@TK2MSFTNGP10.phx.gbl...
The Global.asax.vb contains code called from Application_Start that opens
and reads some data files which in total contain about 35KB. For
portability of the web application (e.g., to one remote host or another) it
seems best to keep this data within the application directory or a
subdirectory thereof, so that its path can be obtained at runtime via
HttpContext.Current.Server.MapPath.
Is there a way to allow the web app to open/read the data files but to
protect them from downloading by the user?
--
For mail, please use my surname where indicated:
[email]steve@surname.reno.nv.us[/email] (Steve Brecher)
Ken Cox [Microsoft MVP] Guest
-
Steve Brecher #5 Re: Protect local data files from download?
"Ken Cox [Microsoft MVP]" <BANSPAMken_cox@sympatico.ca>:
Thanks! But I may need a scheme for cases in which one doesn't control IIS> Right after I explain how to do it, I find that there's a KB article!
>
> HOW TO: Use ASP.NET to Protect File Types
>
> [url]http://support.microsoft.com/default.aspx?scid=kb;en-us;815152[/url]
configuration, such as a shared server at a commericial hosting company.
Based on your and the KB article's instruction and after looking at
machine.config I think that all that needs to be done is to rename the data
files with extensions that won't be served, such as .vb, .cs, or .asp.
it> "Steve Brecher" <Steve_Brecher@see.sig.at.end> wrote in message
> news:OfJrx%23mQDHA.2432@TK2MSFTNGP10.phx.gbl...
> The Global.asax.vb contains code called from Application_Start that opens
> and reads some data files which in total contain about 35KB. For
> portability of the web application (e.g., to one remote host or another)--> seems best to keep this data within the application directory or a
> subdirectory thereof, so that its path can be obtained at runtime via
> HttpContext.Current.Server.MapPath.
>
> Is there a way to allow the web app to open/read the data files but to
> protect them from downloading by the user?
For mail, please use my surname where indicated:
[email]steve@surname.reno.nv.us[/email] (Steve Brecher)
Steve Brecher Guest
-
Ken Cox [Microsoft MVP] #6 Re: Protect local data files from download?
>Based on your and the KB article's instruction and after looking at
Good idea. You might just be able to rename it .config or .vbproj so it won't>machine.config I think that all that needs to be done is to rename the data
>files with extensions that won't be served, such as .vb, .cs, or .asp.
get in the way of anything else.
Ken
Ken Cox [Microsoft MVP] Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
