Preventing access to all file types in a directory using ASP.NET

Discussion in 'ASP .Net Security' started by nickk, Feb 9, 2005.

  1. nickk

    nickk Guest

    Is it possible to prevent access to all files in a (virtual) directory using
    ASP.NET and without using an ISAPI filter? I'm quite happy using the standard
    classes for authentication and authorisation for ASP.NET (.aspx) pages, but I
    want to stop unauthorised users accessing plain HTML pages, PDF files and SWF
    files in a directory as well. Can I use HTTPModule for this? Basically, I
    want to interrogate and filter all requests in a particular directory, but I
    don't want to have to learn C++ just to complete this piece of work.
    nickk, Feb 9, 2005
    #1
    1. Advertising

  2. nickk

    Guest

    Use Wildcard application maps to pass everything through the asp.net
    framework dll and then use a http module or suitable authorization
    mechanism written in asp.net.
    This is a good example.
    http://www.eggheadcafe.com/articles/20040317.asp

    nickk wrote:
    > Is it possible to prevent access to all files in a (virtual)

    directory using
    > ASP.NET and without using an ISAPI filter? I'm quite happy using the

    standard
    > classes for authentication and authorisation for ASP.NET (.aspx)

    pages, but I
    > want to stop unauthorised users accessing plain HTML pages, PDF files

    and SWF
    > files in a directory as well. Can I use HTTPModule for this?

    Basically, I
    > want to interrogate and filter all requests in a particular

    directory, but I
    > don't want to have to learn C++ just to complete this piece of work.
    , Feb 9, 2005
    #2
    1. Advertising

  3. nickk

    Andy G Guest

    What I have done is very very simple, it may or may not apply to your
    situation. This is the article that I found that worked for me.
    http://www.derkeiler.com/Newsgroups...t.framework.aspnet.security/2003-03/0151.html

    I added a couple application extensions just like the article said and it
    worked great. Very easy fix.


    "nickk" <> wrote in message
    news:...
    > Is it possible to prevent access to all files in a (virtual) directory

    using
    > ASP.NET and without using an ISAPI filter? I'm quite happy using the

    standard
    > classes for authentication and authorisation for ASP.NET (.aspx) pages,

    but I
    > want to stop unauthorised users accessing plain HTML pages, PDF files and

    SWF
    > files in a directory as well. Can I use HTTPModule for this? Basically, I
    > want to interrogate and filter all requests in a particular directory, but

    I
    > don't want to have to learn C++ just to complete this piece of work.
    Andy G, Feb 10, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Joey
    Replies:
    2
    Views:
    574
    =?Utf-8?B?Q3VydF9DIFtNVlBd?=
    Oct 26, 2005
  2. Pierre Alexis
    Replies:
    1
    Views:
    410
    Jeff Schwab
    Mar 4, 2004
  3. Replies:
    2
    Views:
    257
  4. Replies:
    2
    Views:
    958
  5. Rex
    Replies:
    7
    Views:
    133
Loading...

Share This Page