.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
MarieAdela
Imran Ghani
Post New Web Links

Securing files using Handler and App_Data folder

Posted By:      Posted Date: September 16, 2010    Points: 0   Category :ASP.Net
 
HiI have secured some files on my webserver by putting them into the App_Data folder in the root (I do not have the option to secure folders using the ASAPI filter)The user gets access to these files by requesting them through a handler, fx. by requesting ~/Handler.ashx?file=App_Data/MySubFolder/MyFile.jpgNow, I want to make all the content in a specific folder called "Members" (a single subdirectory of the App_Data folder) available only by passing a specific password. That is by requesting ~/Handler.ashx?file=App_Data/MySubFolder/MyFile.jpg&password=xxxxIn my Handler.ashx I have written some logic seeking if InStr(context.Request.QueryString("file"), "Members") = 0 before sending the file. If inStr <> 0 a password is required.Is this a good way to secure a folder in and its content? Is there a way of getting access anyway, like using some kind of "sub-directory" line in the path (the same way as you can request parent directory by using "../../Myfile.jpg)? I know there will be a problem if someone fx. legitimately tries to access the file App_Data/Members.jpgThanks in advance!-Jesper


View Complete Post


More Related Resource Links

Copying files to a folder on web server

  

Hi

I have few files in FolderA on the web server.

I want the users to select a fews files from FolderA and copy them to FolderB on the same web server.

I want to list all the files in FolderA and allow the user to select a few files and copy.

I want to copy the files programatically when the user selects a few files and click on Copy button.

How to copy the files quickly from folderA to FolderB?

thanks

Ashok

 


Create user is creating aspxxxx.mdf database in my app_data folder

  

I had already setup roles for my pages and requirements call for ability to manage and create users.

So i was looking at code that allows you to do so using membership, even though i got the page to work, it was creating a database in my app_data folder.. i already have SQLExpress setup with the asp schema, but cant figure out how to get my application to use that instead of creating the db in the folder?

What am i missing or doing wrong?

I have the following setup in my web.config file..

		<authentication mode="Windows"/>
		<authorization>
			<deny users="?"/>
		</authorization>
    <membership>
      <providers>
        <add name="SqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
        connectionStringName="connectn"
        enablePasswordRetrieval="false"
        enablePasswordReset="true"
        requiresQuestionAndAnswer="true"
        applicationName="MyApplication"
        requiresUniqueEmail="false"
        passwordFormat="Hashed"
        maxInvalidPasswordAttempts="5"
        minRequiredPasswordLength="7"
        minRequiredNo

How to use Resource files added to Resources Folder ?

  

Hi,

I have added .CSS file in Resources folder of the project.In the same way i can add Images or any other files.But i am unable to use those files in Server Control Project.How to apply CssClass property to any predefined server control to the css file that is stored in the Resources folder  ?

Please guide how to use those Resource files . 


Deploy folder for a .rdl files

  
In a win form app, i use a report viewer for local reporting, the troble is: I can't find a "Aplication relative folder" where to strore those .rdl files, so i can find them in a run time. Thks for any ideas. I'm using vb2010 express an sql 2008 expressDANIEL CABAÑAS LEÓN - I'M NOT AFRAID TO DIE, I'M NOT AFRAID TO LIVE

Copy files from one folder to another

  
hi  I am able to create a folder but is not able to copy files from the source to the newly created folder. Is there something that i missed out? Thanks  Dim sitename As String = "~/site/" & txtUsername.Text Directory.CreateDirectory(Server.MapPath(sitename))            Try                Dim f() As String = Directory.GetFiles("/site/source/")                For i As Integer = 0 To UBound(f)                    File.Copy(f(i), Server.MapPath(sitename) & "\" & (f(i)))                Next            Catch ex As ExceptionEnd Try  

How to run exe in different folder than dll files

  
Hello, How can I run de exe file in a different folder than the dll files? Now ill get the error: " Could not load file or assembly 'Pangaea.CMS.Module, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified" thx

Why are folder web.config files excluded?

  
I am asking this mainly out of curiosity. When access rules are created for folders using WSAT, web.config files are generated in these folders. I thought these rules should be deployed with the application (It is at least the case for all my applications), but these file are not included after creation so they are not deployed by default. What is the rationale behind this?

Question re. App_Data folder

  
I have authentication on my site and it works fine on my local machine but it has stopped working on my live one. Basically once a user logs in, if the role he/she has is listed in web.config as being "Access denied" then it redirects them to a page where they are given an error message.On the live on it doesn't redirect the user, it brings up a page with "Access denied creating App_Data subdirectory etc.." on it.I noticed that there is no  App_Data folder on the live site, but there is on my local pc (with a ASPNETDB.mdf file in it). So I created an App_Data folder on the live site and now I don't get the "Access denied " error but a timeout error instead.I presume this is because the live site does not have the ASPNETDB.mdf file.I am wondering for user authentication does this file have to be on the live site, could someone have deleted it? If so can I copy the one from my local pc to the live site?I hope I am making sense, thanks for any replies.

Querystring to determine what Document Library Folder's files to list?

  
First of all, any webpart that alllows you to list documents in a particular folder of a Document library? Second, possible to pass what folder to list via a query string to  that webpart ? Thanks.

automatically aspnetdb is created in app_data folder

  
 i have used membersip, roles, profile in my website. i have moved all the tables and sps to the new database i am using. to avoid creating aspnetdb. i use sqlexpress and visual web express. My problem is aspnetdb is automatically created event though i have not used 'localsqlserver' specified anywhere in the web.config file.  I not able to understand why aspnetdb is automatically created in the app_data folder. Any ideas..

Copy folder from FTP site using SSH to local machine using DOS batch files

  

Hello,

Is there a way to copy a folder from an FTP site listening on SSH connection using DOS batch files? I know that there are several third party tools out there that accomplish this. I am NOT looking for that solution. I tried this in Powershell, but could not find a solution, and I am hoping a simple DOS batch file can handle this.

 

Any help would be appreciated...


Dave SQL Developer

how to delete files from folder in webserver

  

hi i m using fileupload concept and saving the files to a folder download.hw can i check the files names saved in that folder while site is hosted on webserver.is there any way to delete some of files from that folder runtime. 


Create App_Data Folder Grayed Out?

  

I have a few questions regarding the "special" ASP.NET folders in Visual Studio web projects.

  1. Adding an App_Data folder in Visual Studio is present, but grayed out in my C# web project, why?
  2. What are the meanings of the various ASP.NET "special" folders?
    • App_GlobalResources
    • App_LocalResources
    • App_Data
    • App_Browsers
    • Themes - I know this is used to contain stylesheets for a particular theme and is then specified in the web.config or page (if I remember right).
    • App_Code - Were these classes that were pre-compiled?
  3. Do these ASP.NET folders retain their special meaning if you manually create a folder with the same name instead using the "Add ASP.NET Folder" feature in Visual Studio?

Add Database through App_Data Error- Connections to SQL Server Files (*.mdf) require SQL Express

  

I am trying to add a new database via the App_Data Folder and I receive an error described below.

I had attached an mdf file to try to use it in SQL Server 2008 Developer and Visual Studio 2010, which was is included in a book's lesson.  Whenever I try to add a database within the App_Data Folder I get an error.

I can create a db by attaching an mdf via SQL Server Mgmt Studio, it connects fine, and I can see tables.

Mgmt Studio- Right Click Databases, Attach, Add, then once mdf is located:

The mdf file location, Database Name, Attach As, -- are all the same:

CHAPTER13\USEWEBPARTS\USEWEBPARTS\APP_DATA\ASPNETDB.MDF

Do I need to change the Database Name?

Visual Studio- Server Explorer connects fine to mdf OR regular Database, I can see the tables.

However when I attempt to add ANY TYPE OF SQL SERVER DATABASE through the App_Data folder I receive this error "Connections to SQL Server Files (*.mdf) require SQL Server Express 2008 to function properly.  Please verify the installation of the component or download from the URl."

I tested this for both a normal dbo (non mdf) and the mdf.dbo I attached before, with the same error!

Im running XP SP3 w/ Visual Studio 2010 and SQL Server 2008 R2 Developer.  I had previously removed SQL Server Express.


Error to Add a Database to a Visual Studio 2010 Project via the App_Data Folder

  

I am trying to add a new database via the App_Data Folder and I receive an error described below.

When I attempt to add ANY TYPE OF SQL SERVER DATABASE through the App_Data folder I receive this error "Connections to SQL Server Files (*.mdf) require SQL Server Express 2008 to function properly.  Please verify the installation of the component or download from the URl."

I can create a db via SQL Server Mgmt Studio, it connects fine, and I can see tables.

Visual Studio- Server Explorer connects fine to the Database, I can see the tables.

Im running XP SP3 w/ Visual Studio 2010 and SQL Server 2008 R2 Developer.  I had previously removed SQL Server Express.

Why cant I access the database within my project, when Im able to connect to this fine within Visual Studio Server Explorer?


copy a folder and subfolders + files from remote location to local drive

  

Hi,

i am making a windows application( C#.Net) in which there is a folder placed at remote location( on other computer). this folder contains files + subfolders inside it. i need to copy all the files and subfolders present inside this main folder to my local drive. How can i do this. 

Thanks in advance


Error to Add a Database to a Visual Studio 2010 Project via the App_Data Folder

  

I am trying to add a new database via the App_Data Folder and I receive an error described below.

When I attempt to add ANY TYPE OF SQL SERVER DATABASE through the App_Data folder I receive this error "Connections to SQL Server Files (*.mdf) require SQL Server Express 2008 to function properly.  Please verify the installation of the component or download from the URl."

I can create a db via SQL Server Mgmt Studio, it connects fine, and I can see tables.

Visual Studio- Server Explorer connects fine to the Database, I can see the tables.

Im running XP SP3 w/ Visual Studio 2010 and SQL Server 2008 R2 Developer.  I had previously removed SQL Server Express.

Why cant I access the database within my project, when Im able to connect to this fine within Visual Studio Server Explorer?


Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend