Protecting documents

Discussion in 'ASP .Net' started by Shawn, Nov 21, 2003.

  1. Shawn

    Shawn Guest

    Hi.
    I have a folder that contains a lot of different documents. xls, .doc, .pdf
    etc. Different users have access to different documents. The problem is
    that if a user knows the name of a document then he can just write the path
    into IE and get access to it anyway. Is it possible to prevent this?

    Thanks,
    Shawn
     
    Shawn, Nov 21, 2003
    #1
    1. Advertising

  2. Shawn,

    If it's required that people be able to download these (which I'm sure it
    is), your best bet is to store them on the file system where they are
    inaccessible directly. You can then use Response.BinaryWrite to stream
    them down to the browser when legitimate.

    Here's a small code sample that demonstrates a PDF file loaded both inline
    and outside fo the browser.

    Dim fs As New FileStream("c:\directory\books.pdf"),
    FileMode.OpenOrCreate, FileAccess.Read)
    Dim MyData(fs.Length) As Byte
    fs.Read(MyData, 0, fs.Length)
    Response.Buffer = True
    Response.Clear()
    Response.ContentType = "application/pdf"

    ' Opens it outside browser
    Response.AddHeader("content-disposition", "attachment;
    filename=books.pdf")

    ' Opens it inside browser
    'Response.AddHeader("content-disposition", "inline;
    filename=books.pdf")

    Response.BinaryWrite(MyData)
    Response.End()


    Hope that helps.


    Jim Cheshire, MCSE, MCSD [MSFT]
    Developer Support
    ASP.NET


    This post is provided as-is with no warranties and confers no rights.

    --------------------
    >From: "Shawn" <>
    >Subject: Protecting documents
    >Date: Fri, 21 Nov 2003 13:20:58 +0100
    >Lines: 10
    >X-Priority: 3
    >X-MSMail-Priority: Normal
    >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
    >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
    >Message-ID: <>
    >Newsgroups: microsoft.public.dotnet.framework.aspnet
    >NNTP-Posting-Host: pc3.akermaritime.no 193.161.152.243
    >Path:

    cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.
    phx.gbl!TK2MSFTNGP10.phx.gbl
    >Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:191817
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
    >
    >Hi.
    >I have a folder that contains a lot of different documents. xls, .doc, .pdf
    >etc. Different users have access to different documents. The problem is
    >that if a user knows the name of a document then he can just write the path
    >into IE and get access to it anyway. Is it possible to prevent this?
    >
    >Thanks,
    >Shawn
    >
    >
    >
     
    Jim Cheshire [MSFT], Nov 21, 2003
    #2
    1. Advertising

  3. Shawn,

    If you set the column to visible="false" you will still be able to access it
    in the code-behind. If you need to access its value from the client, then
    you are correct you can't set visible="false".

    If the latter is the case (you need to access the value from the client
    code) you could try using <div> tags around it and setting it's visibility
    with CSS.

    --
    Sincerely,

    S. Justin Gengo, MCP
    Web Developer / Programmer

    Free code library at:
    www.aboutfortunate.com

    "Out of chaos comes order."
    Nietzche


    "Shawn" <> wrote in message
    news:...
    > Hi.
    > I have a folder that contains a lot of different documents. xls, .doc,

    ..pdf
    > etc. Different users have access to different documents. The problem is
    > that if a user knows the name of a document then he can just write the

    path
    > into IE and get access to it anyway. Is it possible to prevent this?
    >
    > Thanks,
    > Shawn
    >
    >
     
    S. Justin Gengo, Nov 21, 2003
    #3
  4. Shawn,

    Sorry.

    I was attempting to post to the message above yours.

    --
    Sincerely,

    S. Justin Gengo, MCP
    Web Developer / Programmer

    Free code library at:
    www.aboutfortunate.com

    "Out of chaos comes order."
    Nietzche


    "S. Justin Gengo" <> wrote in message
    news:...
    > Shawn,
    >
    > If you set the column to visible="false" you will still be able to access

    it
    > in the code-behind. If you need to access its value from the client, then
    > you are correct you can't set visible="false".
    >
    > If the latter is the case (you need to access the value from the client
    > code) you could try using <div> tags around it and setting it's visibility
    > with CSS.
    >
    > --
    > Sincerely,
    >
    > S. Justin Gengo, MCP
    > Web Developer / Programmer
    >
    > Free code library at:
    > www.aboutfortunate.com
    >
    > "Out of chaos comes order."
    > Nietzche
    >
    >
    > "Shawn" <> wrote in message
    > news:...
    > > Hi.
    > > I have a folder that contains a lot of different documents. xls, .doc,

    > .pdf
    > > etc. Different users have access to different documents. The problem

    is
    > > that if a user knows the name of a document then he can just write the

    > path
    > > into IE and get access to it anyway. Is it possible to prevent this?
    > >
    > > Thanks,
    > > Shawn
    > >
    > >

    >
    >
     
    S. Justin Gengo, Nov 21, 2003
    #4
  5. Shawn

    Shawn Guest

    Didn't quite understand what column visibility had to do with protecting
    document folders :)



    "S. Justin Gengo" <> wrote in message
    news:%...
    Shawn,

    Sorry.

    I was attempting to post to the message above yours.

    --
    Sincerely,

    S. Justin Gengo, MCP
    Web Developer / Programmer

    Free code library at:
    www.aboutfortunate.com

    "Out of chaos comes order."
    Nietzche


    "S. Justin Gengo" <> wrote in message
    news:...
    > Shawn,
    >
    > If you set the column to visible="false" you will still be able to access

    it
    > in the code-behind. If you need to access its value from the client, then
    > you are correct you can't set visible="false".
    >
    > If the latter is the case (you need to access the value from the client
    > code) you could try using <div> tags around it and setting it's visibility
    > with CSS.
    >
    > --
    > Sincerely,
    >
    > S. Justin Gengo, MCP
    > Web Developer / Programmer
    >
    > Free code library at:
    > www.aboutfortunate.com
    >
    > "Out of chaos comes order."
    > Nietzche
    >
    >
    > "Shawn" <> wrote in message
    > news:...
    > > Hi.
    > > I have a folder that contains a lot of different documents. xls, .doc,

    > .pdf
    > > etc. Different users have access to different documents. The problem

    is
    > > that if a user knows the name of a document then he can just write the

    > path
    > > into IE and get access to it anyway. Is it possible to prevent this?
    > >
    > > Thanks,
    > > Shawn
    > >
    > >

    >
    >
     
    Shawn, Nov 21, 2003
    #5
  6. Joao S Cardoso [MVP], Nov 21, 2003
    #6
  7. Joao,

    That will work as long as the file type you are requesting is mapped to the
    aspnet_isapi.dll. It's not recommended to map all of these file types to
    ASP.NET.

    Jim Cheshire, MCSE, MCSD [MSFT]
    Developer Support
    ASP.NET


    This post is provided as-is with no warranties and confers no rights.


    --------------------
    >From: "Joao S Cardoso [MVP]" <-o.s-p.a-m>
    >Subject: Re: Protecting documents
    >Date: Fri, 21 Nov 2003 16:26:46 +0000
    >Message-ID: <>
    >References: <>
    >X-Newsreader: Forte Agent 1.93/32.576 English (American)
    >MIME-Version: 1.0
    >Content-Type: text/plain; charset=us-ascii
    >Content-Transfer-Encoding: 7bit
    >Newsgroups: microsoft.public.dotnet.framework.aspnet
    >NNTP-Posting-Host: 213.13.118.94
    >Lines: 1
    >Path:

    cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08
    ..phx.gbl!TK2MSFTNGP11.phx.gbl
    >Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:191904
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
    >
    >You can do this 2 ways.
    >
    >One, Jim's way.
    >
    >The other is to srode diffrent file types in diffrent folders and then

    configure
    >diferent web.config files with the user's on each folder.
    >
    >Joao Cardoso (MVP dotNET)
    >=======================================================
    >[LusoCoders]- http://groups.yahoo.com/group/lusocoders/
    >[PontoNetPT]- http://www.programando.net/regras.aspx
    >-s.p-a.m - www.acinet.pt
    >=======================================================
    >
     
    Jim Cheshire [MSFT], Nov 21, 2003
    #7
  8. >Joao,
    >
    >That will work as long as the file type you are requesting is mapped to the
    >aspnet_isapi.dll. It's not recommended to map all of these file types to
    >ASP.NET.
    >


    Hi... ur right...

    I just remember something... if he is using windows authentication perhaps is as
    easy as changing the security settings for diffrent folders....

    But still your way seems that will be the best for this scenario.

    Joao Cardoso (MVP dotNET)
    =======================================================
    [LusoCoders]- http://groups.yahoo.com/group/lusocoders/
    [PontoNetPT]- http://www.programando.net/regras.aspx
    .n.o-s.p-a.m - www.acinet.pt
    =======================================================
     
    Joao S Cardoso [MVP], Nov 21, 2003
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kevin Spencer

    Re: Protecting Code Behind Pages

    Kevin Spencer, Jul 7, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    425
    Kevin Spencer
    Jul 7, 2003
  2. Jon Agiato

    Password protecting areas

    Jon Agiato, Aug 23, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    393
    Jon Agiato
    Aug 23, 2003
  3. Lucas

    Protecting Software from Piracy

    Lucas, Dec 22, 2003, in forum: ASP .Net
    Replies:
    9
    Views:
    532
    Lucas
    Dec 26, 2003
  4. Lekeas GK

    Protecting Documents

    Lekeas GK, Apr 10, 2005, in forum: HTML
    Replies:
    5
    Views:
    415
    Adrienne
    Apr 14, 2005
  5. Replies:
    1
    Views:
    518
    Juan T. Llibre
    Oct 18, 2006
Loading...

Share This Page