aspnet_isapi.dll security limit access to folders

Discussion in 'ASP .Net Security' started by Scanner2001, Nov 11, 2006.

  1. Scanner2001

    Scanner2001 Guest

    I am trying to limit access to folders in the web per user. I have tried two
    different approaches, neither of which I can get to work correctly. I have a
    windows 2003 r2 server, asp.net 2.0, front page extensions installed.
    My setup looks like this:
    /webvirtualdirectory/users/tom/..
    /webvirtualdirectory/users/bob/..
    etc.. where the webvirtualdirectory is an application.

    I am using forms authentication, using sql 2005. I want tom to be able to
    access files such as html, pdf, jpg, etc that he dynamically creates or
    upload to his folder, but not be able to access anything in bobs folder,
    including html files. Likewise for bob. The users are created dynamically,
    so I do not who they are ahead of time, nor could I manage them
    individually.

    Attempt 1:
    I have tried adding an additional application extension mapping in the web
    site configuration, mapping .pdf to aspnet_isapi.dll (.net 2.0). Then in the
    users folder (i.e. users/bob), a web.config is dynamically created when the
    user is created that gives the user rights to everything in that folder.
    This does not work, no pdf's (or other files such as html) are served by the
    server. I receive a
    a.. Error Code 64: Host not available
    a.. Background: The connection to the Web server was lost.

    Attempt 2:
    I have tried the web configuration tool, supplied with visual studio, to
    limit access to the folder for the user, such as bob. This appears to have
    no impact on limiting access to files that are not mapped to the
    aspnet_isapi.dll. So basically no security on files or folders.

    Now I also have some static content at the root level that I do want to
    allow anonymous access to, such as 1 pdf file and 1 html file. I believe the
    site wide security is set properly for the remainder of the pages because if
    I try to go an aspx page that is not explicitly allowed in the web.config,
    the anonymous user is automatically redirected to a login page, and the page
    is not shown.

    Not sure what I am missing here, any help is greatly appreciated, or if you
    think I should post to a different group.

    Thanks,
    Jeff
     
    Scanner2001, Nov 11, 2006
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Earl Teigrob
    Replies:
    5
    Views:
    512
    Guy Lukes
    Mar 5, 2004
  2. Frederico Caldeira Knabben

    From aspnet_isapi.dll back to IIS

    Frederico Caldeira Knabben, May 12, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    631
    Frederico Caldeira Knabben
    May 12, 2004
  3. boy0612
    Replies:
    1
    Views:
    400
    Bryant Hankins
    Aug 19, 2004
  4. prem
    Replies:
    1
    Views:
    1,633
    Shankara Narayanan
    Nov 3, 2004
  5. .:mmac:.

    error with aspnet_isapi.dll

    .:mmac:., Jul 7, 2005, in forum: ASP .Net
    Replies:
    3
    Views:
    2,170
    Bob Barrows [MVP]
    Jul 7, 2005
Loading...

Share This Page