Secure file access

[Gerhard]

I have a vb.net application that needs to allow authorized users to get to
files on a file server (.pdf, .xls, etc) while maintaining security of them
from anonymous users. I know the web.config does not monitor this. Is there
a recommended way to publish these to authorized users?

Thanks.

 

[Allen Chen [MSFT]]

Hi Gerhard,

I have a vb.net application that needs to allow authorized users to get to
files on a file server (.pdf, .xls, etc) while maintaining security of them
from anonymous users. I know the web.config does not monitor this. Is there
a recommended way to publish these to authorized users?

To do this we can map the file extension of these files to isapi of ASP.NET
to let ASP.NET handle the requests to these files.

The following article demonstrates how to do so:

http://aspnet.4guysfromrolla.com/articles/020404-1.aspx

Please have a try and let me know if it works. If you have additional
questions please feel free to ask.

Regards,
Allen Chen
Microsoft Online Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Gerhard]

Thanks. This is the right idea, but I do want authenticated uses to be able
to get to the files. This looks like if forbids any access at all.

Is there a way through IIS and web.config to allow authenticated users
access and deny all others?

Thanks again.

 

[Gerhard]

This post has basically what I need,
http://sandblogaspnet.blogspot.com/2008/02/sometimes-we-as-programmers-we-might.html,
but I have been unable to make it work as advertised. Couple of questions,
does each directory have to be set as an IIS application? Do they each need
their own web.config file? I have the root directory set up per the article,
but still can put in a URL and get to files I shouldn't. Is there a
Microsoft article that covers the details of how to set this up?

Thanks.

 

[Gerhard]

I figured it out.

Thanks.

Hi Gerhard,


To do this we can map the file extension of these files to isapi of ASP.NET
to let ASP.NET handle the requests to these files.

The following article demonstrates how to do so:

http://aspnet.4guysfromrolla.com/articles/020404-1.aspx

Please have a try and let me know if it works. If you have additional
questions please feel free to ask.

Regards,
Allen Chen
Microsoft Online Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.