Secure file access

Discussion in 'ASP .Net Security' started by Gerhard, May 19, 2009.

  1. Gerhard

    Gerhard Guest

    I have a vb.net application that needs to allow authorized users to get to
    files on a file server (.pdf, .xls, etc) while maintaining security of them
    from anonymous users. I know the web.config does not monitor this. Is there
    a recommended way to publish these to authorized users?

    Thanks.
     
    Gerhard, May 19, 2009
    #1
    1. Advertising

  2. Hi Gerhard,

    >I have a vb.net application that needs to allow authorized users to get to
    >files on a file server (.pdf, .xls, etc) while maintaining security of

    them
    >from anonymous users. I know the web.config does not monitor this. Is

    there
    >a recommended way to publish these to authorized users?


    To do this we can map the file extension of these files to isapi of ASP.NET
    to let ASP.NET handle the requests to these files.

    The following article demonstrates how to do so:

    http://aspnet.4guysfromrolla.com/articles/020404-1.aspx

    Please have a try and let me know if it works. If you have additional
    questions please feel free to ask.

    Regards,
    Allen Chen
    Microsoft Online Support

    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:
    .

    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

    Note: MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 2 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions. Issues of this
    nature are best handled working with a dedicated Microsoft Support Engineer
    by contacting Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
    ==================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Allen Chen [MSFT], May 19, 2009
    #2
    1. Advertising

  3. Gerhard

    Gerhard Guest

    Thanks. This is the right idea, but I do want authenticated uses to be able
    to get to the files. This looks like if forbids any access at all.

    Is there a way through IIS and web.config to allow authenticated users
    access and deny all others?

    Thanks again.


    "Allen Chen [MSFT]" wrote:

    > Hi Gerhard,
    >
    > >I have a vb.net application that needs to allow authorized users to get to
    > >files on a file server (.pdf, .xls, etc) while maintaining security of

    > them
    > >from anonymous users. I know the web.config does not monitor this. Is

    > there
    > >a recommended way to publish these to authorized users?

    >
    > To do this we can map the file extension of these files to isapi of ASP.NET
    > to let ASP.NET handle the requests to these files.
    >
    > The following article demonstrates how to do so:
    >
    > http://aspnet.4guysfromrolla.com/articles/020404-1.aspx
    >
    > Please have a try and let me know if it works. If you have additional
    > questions please feel free to ask.
    >
    > Regards,
    > Allen Chen
    > Microsoft Online Support
    >
    > Delighting our customers is our #1 priority. We welcome your comments and
    > suggestions about how we can improve the support we provide to you. Please
    > feel free to let my manager know what you think of the level of service
    > provided. You can send feedback directly to my manager at:
    > .
    >
    > ==================================================
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
    >
    > Note: MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 2 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions. Issues of this
    > nature are best handled working with a dedicated Microsoft Support Engineer
    > by contacting Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
    > ==================================================
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    >
    >
     
    Gerhard, May 19, 2009
    #3
  4. Gerhard

    Gerhard Guest

    This post has basically what I need,
    http://sandblogaspnet.blogspot.com/2008/02/sometimes-we-as-programmers-we-might.html,
    but I have been unable to make it work as advertised. Couple of questions,
    does each directory have to be set as an IIS application? Do they each need
    their own web.config file? I have the root directory set up per the article,
    but still can put in a URL and get to files I shouldn't. Is there a
    Microsoft article that covers the details of how to set this up?

    Thanks.

    "Allen Chen [MSFT]" wrote:

    > Hi Gerhard,
    >
    > >I have a vb.net application that needs to allow authorized users to get to
    > >files on a file server (.pdf, .xls, etc) while maintaining security of

    > them
    > >from anonymous users. I know the web.config does not monitor this. Is

    > there
    > >a recommended way to publish these to authorized users?

    >
    > To do this we can map the file extension of these files to isapi of ASP.NET
    > to let ASP.NET handle the requests to these files.
    >
    > The following article demonstrates how to do so:
    >
    > http://aspnet.4guysfromrolla.com/articles/020404-1.aspx
    >
    > Please have a try and let me know if it works. If you have additional
    > questions please feel free to ask.
    >
    > Regards,
    > Allen Chen
    > Microsoft Online Support
    >
    > Delighting our customers is our #1 priority. We welcome your comments and
    > suggestions about how we can improve the support we provide to you. Please
    > feel free to let my manager know what you think of the level of service
    > provided. You can send feedback directly to my manager at:
    > .
    >
    > ==================================================
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
    >
    > Note: MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 2 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions. Issues of this
    > nature are best handled working with a dedicated Microsoft Support Engineer
    > by contacting Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
    > ==================================================
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    >
    >
     
    Gerhard, May 20, 2009
    #4
  5. Gerhard

    Gerhard Guest

    I figured it out.

    Thanks.

    "Allen Chen [MSFT]" wrote:

    > Hi Gerhard,
    >
    > >I have a vb.net application that needs to allow authorized users to get to
    > >files on a file server (.pdf, .xls, etc) while maintaining security of

    > them
    > >from anonymous users. I know the web.config does not monitor this. Is

    > there
    > >a recommended way to publish these to authorized users?

    >
    > To do this we can map the file extension of these files to isapi of ASP.NET
    > to let ASP.NET handle the requests to these files.
    >
    > The following article demonstrates how to do so:
    >
    > http://aspnet.4guysfromrolla.com/articles/020404-1.aspx
    >
    > Please have a try and let me know if it works. If you have additional
    > questions please feel free to ask.
    >
    > Regards,
    > Allen Chen
    > Microsoft Online Support
    >
    > Delighting our customers is our #1 priority. We welcome your comments and
    > suggestions about how we can improve the support we provide to you. Please
    > feel free to let my manager know what you think of the level of service
    > provided. You can send feedback directly to my manager at:
    > .
    >
    > ==================================================
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
    >
    > Note: MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 2 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions. Issues of this
    > nature are best handled working with a dedicated Microsoft Support Engineer
    > by contacting Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
    > ==================================================
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    >
    >
     
    Gerhard, May 21, 2009
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. A.M
    Replies:
    5
    Views:
    5,469
    Teemu Keiski
    Jun 8, 2004
  2. Daniel Malcolm
    Replies:
    0
    Views:
    566
    Daniel Malcolm
    Jan 24, 2005
  3. zdrakec
    Replies:
    1
    Views:
    443
    zdrakec
    Jul 25, 2005
  4. Joe
    Replies:
    5
    Views:
    974
    Steven Cheng[MSFT]
    Dec 13, 2005
  5. verbal kint
    Replies:
    1
    Views:
    556
    Sudsy
    Sep 4, 2004
Loading...

Share This Page