How to avoid URL direct access?

Discussion in 'ASP .Net Security' started by Gus, Oct 15, 2006.

  1. Gus

    Gus Guest

    Hi:

    I have a documents program in mi intranet, it only shows each user
    authorized files and each line has the file description and a link to
    open it.

    The problem is that if anyone writes the file's URL address directly
    into the browser (like: http://mydomain/myintranet/myfiles/myfile.pdf)
    the file is opened without pass through the Intranet security.

    How can I avoid the direct file access?

    Regards,
    Gus
    Gus, Oct 15, 2006
    #1
    1. Advertising

  2. Gus

    Paul Hale Guest

    Hi Gus,

    Dont know if you have resolved your problem yet but just a thought which
    might help you out or point you in the right direction. Not sure what type of
    authentication you have implemented but I would look at creating a number of
    security groups and assign each user to specific groups. Then define each
    group with appropiate access rights per folder. Each folder then holds files
    relative to the related access group.

    Paul.

    "Gus" wrote:

    > Hi:
    >
    > I have a documents program in mi intranet, it only shows each user
    > authorized files and each line has the file description and a link to
    > open it.
    >
    > The problem is that if anyone writes the file's URL address directly
    > into the browser (like: http://mydomain/myintranet/myfiles/myfile.pdf)
    > the file is opened without pass through the Intranet security.
    >
    > How can I avoid the direct file access?
    >
    > Regards,
    > Gus
    >
    >
    Paul Hale, Nov 10, 2006
    #2
    1. Advertising

  3. Gus

    Gus Guest

    Thanks for your hint Paul, but I have anonymous access, I mind it could
    be hundreds of users and I don't want to manage operating system
    rights.

    Suppose you have a subscription web page and after the client's login
    he can access links to documents you keep in the server. He open some
    documents and then quit.

    That I need, and I remember have seen it in some page, is to block a
    direct access to the document without a login. Actually if I go to the
    IE history I can access a document directly.

    Regards,
    Gus


    Paul Hale ha escrito:

    > Hi Gus,
    >
    > Dont know if you have resolved your problem yet but just a thought which
    > might help you out or point you in the right direction. Not sure what type of
    > authentication you have implemented but I would look at creating a number of
    > security groups and assign each user to specific groups. Then define each
    > group with appropiate access rights per folder. Each folder then holds files
    > relative to the related access group.
    >
    > Paul.
    >
    > "Gus" wrote:
    >
    > > Hi:
    > >
    > > I have a documents program in mi intranet, it only shows each user
    > > authorized files and each line has the file description and a link to
    > > open it.
    > >
    > > The problem is that if anyone writes the file's URL address directly
    > > into the browser (like: http://mydomain/myintranet/myfiles/myfile.pdf)
    > > the file is opened without pass through the Intranet security.
    > >
    > > How can I avoid the direct file access?
    > >
    > > Regards,
    > > Gus
    > >
    > >
    Gus, Nov 11, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Anan
    Replies:
    8
    Views:
    15,609
    John C. Bollinger
    Dec 8, 2004
  2. Alexander Malkis
    Replies:
    8
    Views:
    505
    Alexander Malkis
    Apr 14, 2004
  3. Roger23
    Replies:
    2
    Views:
    983
    Roger23
    Oct 12, 2006
  4. Chase Kang #52

    Blocking Direct URL Access through web config

    Chase Kang #52, Oct 1, 2008, in forum: ASP .Net
    Replies:
    1
    Views:
    2,148
    Joe Fawcett
    Oct 9, 2008
  5. Gus

    How to avoid URL direct access?

    Gus, Oct 15, 2006, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    184
    Tim Van Wassenhove
    Oct 15, 2006
Loading...

Share This Page