Disabling direct HTTP access to certain folders on server

Discussion in 'ASP .Net Security' started by Vikas, Apr 25, 2006.

  1. Vikas

    Vikas Guest

    Hi
    I am using .Net Framework 1.1. There are some XSL files in a folder of my
    web application. I want to restrict a user from directly accessing these
    files - e.g. I want to display a forbidden page when he types the URL
    http://Myserver.com/MyApp/XMLFolder/pqr.xsl

    However the ASP.Net application should be able to access these files i.e. it
    should be able to apply the XSL Stylesheets to the corresponding XML files.
    It would be a great help if someone could let me know how to do the same
    Thanks
    Vikas
     
    Vikas, Apr 25, 2006
    #1
    1. Advertising

  2. Hi,

    find more info here:

    http://www.leastprivilege.com/ProtectingNonASPNETResourcesWithASPNET20.aspx
    http://www.leastprivilege.com/MoreOnProtectingStaticResourcesWithASPNET20.aspx

    in your case you only have to map the .xsl extension in iis to aspnet_isapi
    and put a HttpNotFoundHandler in place...

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi
    > I am using .Net Framework 1.1. There are some XSL files in a folder of
    > my
    > web application. I want to restrict a user from directly accessing
    > these
    > files - e.g. I want to display a forbidden page when he types the URL
    > http://Myserver.com/MyApp/XMLFolder/pqr.xsl
    > However the ASP.Net application should be able to access these files
    > i.e. it
    > should be able to apply the XSL Stylesheets to the corresponding XML
    > files.
    > It would be a great help if someone could let me know how to do the
    > same
    > Thanks
    > Vika
     
    Dominick Baier [DevelopMentor], Apr 25, 2006
    #2
    1. Advertising

  3. Vikas

    Vikas Guest

    Hi Dominick
    I tried that - but the problem is that this prevents the xsl file being
    applied to the corresponding xml file.
    Actually, let me clarify. There is a static aspx page, which contains an
    iframe that hosts the xml. The xsl is applied to this xml.
    If I apply an HttpForbiddenHandler to xsl files, the stylesheet doesnt get
    applied at all and the frame displays "Cannot view XML input using XSL style
    sheet".
    Thanks in advance.
    Vikas


    "Dominick Baier [DevelopMentor]" wrote:

    > Hi,
    >
    > find more info here:
    >
    > http://www.leastprivilege.com/ProtectingNonASPNETResourcesWithASPNET20.aspx
    > http://www.leastprivilege.com/MoreOnProtectingStaticResourcesWithASPNET20.aspx
    >
    > in your case you only have to map the .xsl extension in iis to aspnet_isapi
    > and put a HttpNotFoundHandler in place...
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > Hi
    > > I am using .Net Framework 1.1. There are some XSL files in a folder of
    > > my
    > > web application. I want to restrict a user from directly accessing
    > > these
    > > files - e.g. I want to display a forbidden page when he types the URL
    > > http://Myserver.com/MyApp/XMLFolder/pqr.xsl
    > > However the ASP.Net application should be able to access these files
    > > i.e. it
    > > should be able to apply the XSL Stylesheets to the corresponding XML
    > > files.
    > > It would be a great help if someone could let me know how to do the
    > > same
    > > Thanks
    > > Vikas

    >
    >
    >
     
    Vikas, Apr 25, 2006
    #3
  4. well - if you need to access the .xsl from "outside" the web server this
    won't help you.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi Dominick
    > I tried that - but the problem is that this prevents the xsl file
    > being
    > applied to the corresponding xml file.
    > Actually, let me clarify. There is a static aspx page, which contains
    > an
    > iframe that hosts the xml. The xsl is applied to this xml.
    > If I apply an HttpForbiddenHandler to xsl files, the stylesheet doesnt
    > get
    > applied at all and the frame displays "Cannot view XML input using XSL
    > style
    > sheet".
    > Thanks in advance.
    > Vikas
    > "Dominick Baier [DevelopMentor]" wrote:
    >
    >> Hi,
    >>
    >> find more info here:
    >>
    >> http://www.leastprivilege.com/ProtectingNonASPNETResourcesWithASPNET2
    >> 0.aspx
    >> http://www.leastprivilege.com/MoreOnProtectingStaticResourcesWithASPN
    >> ET20.aspx
    >>
    >> in your case you only have to map the .xsl extension in iis to
    >> aspnet_isapi and put a HttpNotFoundHandler in place...
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> Hi
    >>> I am using .Net Framework 1.1. There are some XSL files in a folder
    >>> of
    >>> my
    >>> web application. I want to restrict a user from directly accessing
    >>> these
    >>> files - e.g. I want to display a forbidden page when he types the
    >>> URL
    >>> http://Myserver.com/MyApp/XMLFolder/pqr.xsl
    >>> However the ASP.Net application should be able to access these files
    >>> i.e. it
    >>> should be able to apply the XSL Stylesheets to the corresponding XML
    >>> files.
    >>> It would be a great help if someone could let me know how to do the
    >>> same
    >>> Thanks
    >>> Vikas
     
    Dominick Baier [DevelopMentor], Apr 25, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tuukka Toivonen

    disabling certain warnings in synopsys dc

    Tuukka Toivonen, May 11, 2004, in forum: VHDL
    Replies:
    1
    Views:
    1,617
    Tuukka Toivonen
    May 11, 2004
  2. Replies:
    0
    Views:
    661
  3. Untitled
    Replies:
    0
    Views:
    379
    Untitled
    Mar 29, 2007
  4. Ken Fine
    Replies:
    1
    Views:
    689
    Steve C. Orr [MCSD, MVP, CSM, ASP Insider]
    Jul 31, 2007
  5. kfrost

    Disabling certain url's in a menu?

    kfrost, Apr 29, 2006, in forum: ASP .Net Web Controls
    Replies:
    4
    Views:
    121
    Teemu Keiski
    Apr 30, 2006
Loading...

Share This Page