Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Protecting documents

Reply
Thread Tools

Protecting documents

 
 
Shawn
Guest
Posts: n/a
 
      11-21-2003
Hi.
I have a folder that contains a lot of different documents. xls, .doc, .pdf
etc. Different users have access to different documents. The problem is
that if a user knows the name of a document then he can just write the path
into IE and get access to it anyway. Is it possible to prevent this?

Thanks,
Shawn


 
Reply With Quote
 
 
 
 
Jim Cheshire [MSFT]
Guest
Posts: n/a
 
      11-21-2003
Shawn,

If it's required that people be able to download these (which I'm sure it
is), your best bet is to store them on the file system where they are
inaccessible directly. You can then use Response.BinaryWrite to stream
them down to the browser when legitimate.

Here's a small code sample that demonstrates a PDF file loaded both inline
and outside fo the browser.

Dim fs As New FileStream("c:\directory\books.pdf"),
FileMode.OpenOrCreate, FileAccess.Read)
Dim MyData(fs.Length) As Byte
fs.Read(MyData, 0, fs.Length)
Response.Buffer = True
Response.Clear()
Response.ContentType = "application/pdf"

' Opens it outside browser
Response.AddHeader("content-disposition", "attachment;
filename=books.pdf")

' Opens it inside browser
'Response.AddHeader("content-disposition", "inline;
filename=books.pdf")

Response.BinaryWrite(MyData)
Response.End()


Hope that helps.


Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
http://www.velocityreviews.com/forums/(E-Mail Removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
>From: "Shawn" <(E-Mail Removed)>
>Subject: Protecting documents
>Date: Fri, 21 Nov 2003 13:20:58 +0100
>Lines: 10
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <(E-Mail Removed)>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: pc3.akermaritime.no 193.161.152.243
>Path:

cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!cpmsftng xa06.phx.gbl!TK2MSFTNGP08.
phx.gbl!TK2MSFTNGP10.phx.gbl
>Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:191817
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Hi.
>I have a folder that contains a lot of different documents. xls, .doc, .pdf
>etc. Different users have access to different documents. The problem is
>that if a user knows the name of a document then he can just write the path
>into IE and get access to it anyway. Is it possible to prevent this?
>
>Thanks,
>Shawn
>
>
>


 
Reply With Quote
 
 
 
 
S. Justin Gengo
Guest
Posts: n/a
 
      11-21-2003
Shawn,

If you set the column to visible="false" you will still be able to access it
in the code-behind. If you need to access its value from the client, then
you are correct you can't set visible="false".

If the latter is the case (you need to access the value from the client
code) you could try using <div> tags around it and setting it's visibility
with CSS.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

Free code library at:
www.aboutfortunate.com

"Out of chaos comes order."
Nietzche


"Shawn" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi.
> I have a folder that contains a lot of different documents. xls, .doc,

..pdf
> etc. Different users have access to different documents. The problem is
> that if a user knows the name of a document then he can just write the

path
> into IE and get access to it anyway. Is it possible to prevent this?
>
> Thanks,
> Shawn
>
>



 
Reply With Quote
 
S. Justin Gengo
Guest
Posts: n/a
 
      11-21-2003
Shawn,

Sorry.

I was attempting to post to the message above yours.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

Free code library at:
www.aboutfortunate.com

"Out of chaos comes order."
Nietzche


"S. Justin Gengo" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Shawn,
>
> If you set the column to visible="false" you will still be able to access

it
> in the code-behind. If you need to access its value from the client, then
> you are correct you can't set visible="false".
>
> If the latter is the case (you need to access the value from the client
> code) you could try using <div> tags around it and setting it's visibility
> with CSS.
>
> --
> Sincerely,
>
> S. Justin Gengo, MCP
> Web Developer / Programmer
>
> Free code library at:
> www.aboutfortunate.com
>
> "Out of chaos comes order."
> Nietzche
>
>
> "Shawn" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi.
> > I have a folder that contains a lot of different documents. xls, .doc,

> .pdf
> > etc. Different users have access to different documents. The problem

is
> > that if a user knows the name of a document then he can just write the

> path
> > into IE and get access to it anyway. Is it possible to prevent this?
> >
> > Thanks,
> > Shawn
> >
> >

>
>



 
Reply With Quote
 
Shawn
Guest
Posts: n/a
 
      11-21-2003
Didn't quite understand what column visibility had to do with protecting
document folders



"S. Justin Gengo" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
Shawn,

Sorry.

I was attempting to post to the message above yours.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

Free code library at:
www.aboutfortunate.com

"Out of chaos comes order."
Nietzche


"S. Justin Gengo" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Shawn,
>
> If you set the column to visible="false" you will still be able to access

it
> in the code-behind. If you need to access its value from the client, then
> you are correct you can't set visible="false".
>
> If the latter is the case (you need to access the value from the client
> code) you could try using <div> tags around it and setting it's visibility
> with CSS.
>
> --
> Sincerely,
>
> S. Justin Gengo, MCP
> Web Developer / Programmer
>
> Free code library at:
> www.aboutfortunate.com
>
> "Out of chaos comes order."
> Nietzche
>
>
> "Shawn" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi.
> > I have a folder that contains a lot of different documents. xls, .doc,

> .pdf
> > etc. Different users have access to different documents. The problem

is
> > that if a user knows the name of a document then he can just write the

> path
> > into IE and get access to it anyway. Is it possible to prevent this?
> >
> > Thanks,
> > Shawn
> >
> >

>
>




 
Reply With Quote
 
Joao S Cardoso [MVP]
Guest
Posts: n/a
 
      11-21-2003
You can do this 2 ways.

One, Jim's way.

The other is to srode diffrent file types in diffrent folders and then configure
diferent web.config files with the user's on each folder.

Joao Cardoso (MVP dotNET)
================================================== =====
[LusoCoders]- http://groups.yahoo.com/group/lusocoders/
[PontoNetPT]- http://www.programando.net/regras.aspx
(E-Mail Removed).n.o-s.p-a.m - www.acinet.pt
================================================== =====
 
Reply With Quote
 
Jim Cheshire [MSFT]
Guest
Posts: n/a
 
      11-21-2003
Joao,

That will work as long as the file type you are requesting is mapped to the
aspnet_isapi.dll. It's not recommended to map all of these file types to
ASP.NET.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(E-Mail Removed)

This post is provided as-is with no warranties and confers no rights.


--------------------
>From: "Joao S Cardoso [MVP]" <(E-Mail Removed)-o.s-p.a-m>
>Subject: Re: Protecting documents
>Date: Fri, 21 Nov 2003 16:26:46 +0000
>Message-ID: <(E-Mail Removed)>
>References: <(E-Mail Removed)>
>X-Newsreader: Forte Agent 1.93/32.576 English (American)
>MIME-Version: 1.0
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: 213.13.118.94
>Lines: 1
>Path:

cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA05.phx.gbl!TK2MSFTNGP08
..phx.gbl!TK2MSFTNGP11.phx.gbl
>Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:191904
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>You can do this 2 ways.
>
>One, Jim's way.
>
>The other is to srode diffrent file types in diffrent folders and then

configure
>diferent web.config files with the user's on each folder.
>
>Joao Cardoso (MVP dotNET)
>================================================= ======
>[LusoCoders]- http://groups.yahoo.com/group/lusocoders/
>[PontoNetPT]- http://www.programando.net/regras.aspx
>(E-Mail Removed)-s.p-a.m - www.acinet.pt
>================================================= ======
>


 
Reply With Quote
 
Joao S Cardoso [MVP]
Guest
Posts: n/a
 
      11-21-2003
>Joao,
>
>That will work as long as the file type you are requesting is mapped to the
>aspnet_isapi.dll. It's not recommended to map all of these file types to
>ASP.NET.
>


Hi... ur right...

I just remember something... if he is using windows authentication perhaps is as
easy as changing the security settings for diffrent folders....

But still your way seems that will be the best for this scenario.

Joao Cardoso (MVP dotNET)
================================================== =====
[LusoCoders]- http://groups.yahoo.com/group/lusocoders/
[PontoNetPT]- http://www.programando.net/regras.aspx
(E-Mail Removed).n.o-s.p-a.m - www.acinet.pt
================================================== =====
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Protecting Word Documents BIGEYE Computer Support 6 03-21-2008 01:11 PM
No more stuff on C:\Documents and Settings\[User]\My Documents\Visual Studio 2005\ craigkenisston@hotmail.com ASP .Net 1 10-18-2006 03:31 PM
Protecting Documents Lekeas GK HTML 5 04-14-2005 06:47 AM
Protecting one vlan from others Dralph Cisco 7 01-16-2004 02:19 PM



Advertisments