Security content in Virtual Directory

B

Beryl Small

I have a .NET web application that uses forms
authentication. There are CBTs in a virtual directory on
the IIS server. I do not want users logging into to the
website to be able to navigate to the virtual folder and
start any of the CBTs. The CBTs should only be able to be
accessed throught a redirection from an .aspx page in my
application. Is there any way to do this
 
E

Eric Marvets

What I would do is place the CBTs in a directory not accessable via the web,
but that the ASPNET account had access to and stream the content to the
user. Beware that garbage collection is not a fan of large objects, so I
would stream (don't use the default of buffering) the content in 50kb chunks
to avoid any memory issues.

Let me know if you need a quick code sample.

--
Eric Marvets
Principal Consultant

the bang project

<shameless self promotion>

Email (e-mail address removed) for Information on Our Architecture and
Mentoring Services

</shameless self promotion>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Directory Security 7
Sharing ASPNET security 3
Multi tier web application security architecture 0
Configure Virtual Directory as application 2
include virtual in virtual directory? 3
virtual directory 2
Password validation security issue 19
I need help in understanding these files on my phone, Could someone help me understand these files? Urgent help needed. Please help. 1

Members online

Total: 21 (members: 1, guests: 20)
Robots: 185

Forum statistics

Threads
473,773
Messages
2,569,594
Members
45,119
Latest member
IrmaNorcro

Latest Threads

Top