S
Scanner2001
I am trying to limit access to folders in the web per user. I have tried two
different approaches, neither of which I can get to work correctly. I have a
windows 2003 r2 server, asp.net 2.0, front page extensions installed.
My setup looks like this:
/webvirtualdirectory/users/tom/..
/webvirtualdirectory/users/bob/..
etc.. where the webvirtualdirectory is an application.
I am using forms authentication, using sql 2005. I want tom to be able to
access files such as html, pdf, jpg, etc that he dynamically creates or
upload to his folder, but not be able to access anything in bobs folder,
including html files. Likewise for bob. The users are created dynamically,
so I do not who they are ahead of time, nor could I manage them
individually.
Attempt 1:
I have tried adding an additional application extension mapping in the web
site configuration, mapping .pdf to aspnet_isapi.dll (.net 2.0). Then in the
users folder (i.e. users/bob), a web.config is dynamically created when the
user is created that gives the user rights to everything in that folder.
This does not work, no pdf's (or other files such as html) are served by the
server. I receive a
a.. Error Code 64: Host not available
a.. Background: The connection to the Web server was lost.
Attempt 2:
I have tried the web configuration tool, supplied with visual studio, to
limit access to the folder for the user, such as bob. This appears to have
no impact on limiting access to files that are not mapped to the
aspnet_isapi.dll. So basically no security on files or folders.
Now I also have some static content at the root level that I do want to
allow anonymous access to, such as 1 pdf file and 1 html file. I believe the
site wide security is set properly for the remainder of the pages because if
I try to go an aspx page that is not explicitly allowed in the web.config,
the anonymous user is automatically redirected to a login page, and the page
is not shown.
Not sure what I am missing here, any help is greatly appreciated, or if you
think I should post to a different group.
Thanks,
Jeff
different approaches, neither of which I can get to work correctly. I have a
windows 2003 r2 server, asp.net 2.0, front page extensions installed.
My setup looks like this:
/webvirtualdirectory/users/tom/..
/webvirtualdirectory/users/bob/..
etc.. where the webvirtualdirectory is an application.
I am using forms authentication, using sql 2005. I want tom to be able to
access files such as html, pdf, jpg, etc that he dynamically creates or
upload to his folder, but not be able to access anything in bobs folder,
including html files. Likewise for bob. The users are created dynamically,
so I do not who they are ahead of time, nor could I manage them
individually.
Attempt 1:
I have tried adding an additional application extension mapping in the web
site configuration, mapping .pdf to aspnet_isapi.dll (.net 2.0). Then in the
users folder (i.e. users/bob), a web.config is dynamically created when the
user is created that gives the user rights to everything in that folder.
This does not work, no pdf's (or other files such as html) are served by the
server. I receive a
a.. Error Code 64: Host not available
a.. Background: The connection to the Web server was lost.
Attempt 2:
I have tried the web configuration tool, supplied with visual studio, to
limit access to the folder for the user, such as bob. This appears to have
no impact on limiting access to files that are not mapped to the
aspnet_isapi.dll. So basically no security on files or folders.
Now I also have some static content at the root level that I do want to
allow anonymous access to, such as 1 pdf file and 1 html file. I believe the
site wide security is set properly for the remainder of the pages because if
I try to go an aspx page that is not explicitly allowed in the web.config,
the anonymous user is automatically redirected to a login page, and the page
is not shown.
Not sure what I am missing here, any help is greatly appreciated, or if you
think I should post to a different group.
Thanks,
Jeff