How to secure files and directories in asp.net

[Atif Iqbal]

Hi,

How can i secure files and directories in asp.net ..... i'm using form based
authentication to secure my asp.net pages but when any user directly access
(directly type url address in the webbrowser.) any other file like perl or
any text file in my application directory it allows user to access that file
.. how can i secure my directories and other files from being access.

TIA

atif

 

[Jim Cheshire [MSFT]]

Atif,

ASP.NET Forms authentication will only secure content that is processed by
the aspnet_isapi.dll. If you need to replace other static file types (such
as text files), you can do that by mapping them to the aspnet_isapi.dll,
but you'll want to test that fully before deploying it to production apps.
For perl files, you're out of luck because they have to be processed by the
perl engine.

You can also consider having an ASP.NET page that redirects to the URL that
is passed to it. If the user is not authenticated via Forms auth, the
request will be denied. If they are, it will be accepted and your ASP.NET
page can redirect to the correct URL.

There are many approaches to this problem.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------

 

[Atif Iqbal]

Thanx for ur reply

but there must be a way to secure directories in asp.net .
can u plz guide me how to secure my directories so that no one can access my
directories
without an appropriate previliges. response.redirect is not the solution
i've used server.transfer
but it does not support perl files...

TIA
Atif

Atif,

ASP.NET Forms authentication will only secure content that is processed by
the aspnet_isapi.dll. If you need to replace other static file types (such
as text files), you can do that by mapping them to the aspnet_isapi.dll,
but you'll want to test that fully before deploying it to production apps.
For perl files, you're out of luck because they have to be processed by the
perl engine.

You can also consider having an ASP.NET page that redirects to the URL that
is passed to it. If the user is not authenticated via Forms auth, the
request will be denied. If they are, it will be accepted and your ASP.NET
page can redirect to the correct URL.

There are many approaches to this problem.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------

From: "Atif Iqbal" <[email protected]>
Subject: How to secure files and directories in asp.net
Date: Thu, 1 Apr 2004 11:33:24 +0500
Lines: 13
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <[email protected]>
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
NNTP-Posting-Host: lhr63.pie.net.pk 202.125.147.222
Path:

cpmsftngxa06.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTFEED01.phx.gbl!TK2MSFTNGP08

phx.gbl!TK2MSFTNGP10.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:9466
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Hi,

How can i secure files and directories in asp.net ..... i'm using form based
authentication to secure my asp.net pages but when any user directly access
(directly type url address in the webbrowser.) any other file like perl or
any text file in my application directory it allows user to access that file
. how can i secure my directories and other files from being access.

TIA

atif

 

[Jim Cheshire [MSFT]]

Atif,

You have to remember that if you are trying to have an ASP.NET specific
feature protect your content (a feature such as ASP.NET Forms
authentication), it's only going to work for resources that are parsed
through the ASP.NET ISAPI filter. If ASP.NET does not process the request,
it cannot control access to the resource.

Because of this, you are going to have to use NTFS permissions or some
other authentication method that you devise to control access to your
resources.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------

From: "Atif Iqbal" <[email protected]>
References: <[email protected]>

Subject: Re: How to secure files and directories in asp.net
Date: Fri, 2 Apr 2004 11:29:34 +0500
Lines: 83
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <#[email protected]>
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
NNTP-Posting-Host: lhr63.pie.net.pk 202.125.147.222
Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:9485
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Thanx for ur reply

but there must be a way to secure directories in asp.net .
can u plz guide me how to secure my directories so that no one can access my
directories
without an appropriate previliges. response.redirect is not the solution
i've used server.transfer
but it does not support perl files...

TIA
Atif

Atif,

ASP.NET Forms authentication will only secure content that is processed by
the aspnet_isapi.dll. If you need to replace other static file types (such
as text files), you can do that by mapping them to the aspnet_isapi.dll,
but you'll want to test that fully before deploying it to production apps.
For perl files, you're out of luck because they have to be processed by the
perl engine.

You can also consider having an ASP.NET page that redirects to the URL that
is passed to it. If the user is not authenticated via Forms auth, the
request will be denied. If they are, it will be accepted and your ASP.NET
page can redirect to the correct URL.

There are many approaches to this problem.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------

From: "Atif Iqbal" <[email protected]>
Subject: How to secure files and directories in asp.net
Date: Thu, 1 Apr 2004 11:33:24 +0500
Lines: 13
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <[email protected]>
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
NNTP-Posting-Host: lhr63.pie.net.pk 202.125.147.222
Path:

cpmsftngxa06.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTFEED01.phx.gbl!TK2MSFTNGP0 8

phx.gbl!TK2MSFTNGP10.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:9466
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Hi,

How can i secure files and directories in asp.net ..... i'm using form based
authentication to secure my asp.net pages but when any user directly access
(directly type url address in the webbrowser.) any other file like perl or
any text file in my application directory it allows user to access that file
. how can i secure my directories and other files from being access.

TIA

atif