Deny access to a directory with web.config

 
 
Matt
 
      04-26-2005
Hello,
I'm working on a portal based on IBuySpy, where the main page is
desktopdefault.aspx and all content is stored in
www.domain.com/content/html/nnn
or
www.domain.com/content/images/nnn
and injected in the desktopdefault.aspx page.

How can I prevent users doing www.domain.com/content/images/test.jpg
and getting the image (or the html file, or whatever inside the
content directory?)
It doesn't matter if the user is authenticated or not, I just want
only the webapplication to be able to load and display the files
inside the /content directory.

Can I do this just manipulating the web.config, without changing
directory permissions on the webserver?


Thanks!
 
 
 
 
 
Brock Allen
 
      04-26-2005
You can move the directory outside of the web application's directory.

-Brock
DevelopMentor
http://staff.develop.com/ballen



Matt
 
      04-27-2005
Good suggestion, but is there a way to control access to that
directory with the web.config?

Thanks.

 
Juan T. Llibre
 
      04-27-2005
web.config :

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <authorization>
      <allow users="ASPNET's account name"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>




Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
ASP.NET Forums in Spanish
Come, and let's talk about ASP.NET...
======================

 
Juan T. Llibre
 
      04-27-2005
There's a step-by-step tutorial at :

http://www.dotnetcoders.com/web/Arti...px?article=186



Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
ASP.NET Forums in Spanish
Come, and let's talk about ASP.NET...
======================

 
Matt
 
      04-27-2005

I tried, but nothing changes, the user can still do something like
www.domain.com/content/html/test.htm
and see the content.


On Wed, 27 Apr 2005 06:15:05 -0400, "Juan T. Llibre"
<> wrote:

> <allow users="ASPNET's account name"/>
> <deny users="*"/>


 
 
Matt
 
      04-27-2005
Thanks I'll read it

On Wed, 27 Apr 2005 06:26:18 -0400, "Juan T. Llibre"
<> wrote:

>http://www.dotnetcoders.com/web/Arti...px?article=186


 
 
Brock Allen
 
      04-27-2005
> Good suggestion, but is there a way to control access to that
> directory with the web.config?


Not if IIS is serving up the files, as the request never makes it to ASP.NET.

-Brock
DevelopMentor
http://staff.develop.com/ballen



 
 
Juan T. Llibre
 
      04-27-2005
I think that adding the specific file types to the files managed
by ASP.NET will turn the trick if you implement forms-based
authentication to the directory.



Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
ASP.NET Forums in Spanish
Come, and let's talk about ASP.NET...
======================

 
Brock Allen
 
      04-27-2005
> I think that adding the specific file types to the files managed by
> ASP.NET will turn the trick if you implement forms-based
> authentication to the directory.


Yep, that will work.

-Brock
DevelopMentor
http://staff.develop.com/ballen
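
The approach the thread converges on, written out as an added example that is not part of any post above: a root web.config that scopes a deny rule to the content directory. It assumes the static extensions in that directory (.jpg, .htm and so on) have been mapped to the ASP.NET ISAPI extension in IIS, as discussed in the last replies; without that mapping IIS serves the files itself and these rules are never evaluated.

```xml
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

  <system.web>
    <!-- Application-wide settings (authentication mode, etc.) stay here,
         unchanged. Putting <deny users="*"/> at this level would lock
         out the whole application, desktopdefault.aspx included. -->
  </system.web>

  <!-- The rules below apply only to URLs under /content -->
  <location path="content">
    <system.web>
      <authorization>
        <!-- URL authorization is evaluated against the identity of the
             user making the HTTP request, not the worker-process
             account, so no <allow> entry for the ASPNET account is
             needed. Server-side reads of these files by the
             application's own code go through the file system and are
             not subject to these rules. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

</configuration>
```

Every browser-issued request under /content is refused by this rule, including requests generated by an img tag whose src points into the directory, so content has to be emitted by the application itself rather than linked to directly.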



 