Securing XML file in an ASP.NET web app folder.

T

TK

Hi,

I have an ASP.NET web application and almost everything is working fine
excepting failing to make an XML file be secure. There is an XML file which
includes meta-data for both of server-side .NET application and client-side
javascript application. And the meta-data in the XML file shoud be hidden
for unauthenticated clients.

I know ASP.NET doesn't care for .xml files in default setting, so I added a
file extention-application mapping as ".xml" to
"C:\Winnt\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll" for all verbs.
Yes, it works for client-side script. I succeeded to hide such meta-data
from unauthenticated users. But server side, now I have a problem not only
for unauthenticated users but also authenticated users.

I have a server-side code such as following.

XmlDocument doc = new XmlDocument();
doc.Load("http://......../metadata.xml");


Now the 2nd line always throw an XML exception as "This is an unexpected
token, The expected token is 'QUOTE'. line 2 position 64"
Ofcourse, the XML file has correct tag structure, and everything was OK
until I added an application mapping for ".xml" files in IIS admin tool.

What's happen here?
Does anyone have experienced something like this? or any idea?

best regards,
TK
 
H

Hans Kesting

TK said:
Hi,

I have an ASP.NET web application and almost everything is working fine
excepting failing to make an XML file be secure. There is an XML file which
includes meta-data for both of server-side .NET application and client-side
javascript application. And the meta-data in the XML file shoud be hidden
for unauthenticated clients.

I know ASP.NET doesn't care for .xml files in default setting, so I added a
file extention-application mapping as ".xml" to
"C:\Winnt\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll" for all verbs.
Yes, it works for client-side script. I succeeded to hide such meta-data
from unauthenticated users. But server side, now I have a problem not only
for unauthenticated users but also authenticated users.

I have a server-side code such as following.

XmlDocument doc = new XmlDocument();
doc.Load("http://......../metadata.xml");


Now the 2nd line always throw an XML exception as "This is an unexpected
token, The expected token is 'QUOTE'. line 2 position 64"
Ofcourse, the XML file has correct tag structure, and everything was OK
until I added an application mapping for ".xml" files in IIS admin tool.

What's happen here?
Does anyone have experienced something like this? or any idea?

best regards,
TK

Not quite sure this will cure your problem, but you don't *need* to
specify that xml file by url, you can also use the abolute local path
(use MapPath and a relative path to get that absolute path)

Hans Kesting
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top