Post New Web Links

Secure Static Content

Posted By: Posted Date: September 24, 2010 Points: 0 Category :.NET Framework

Hi Everyone

We have a 3rd part application that consists of HTML reports/static images/gifs etc (different file types that are not known upfront) that are pushed periodically through a trusted source to a directory that is under our application (ASP.Net 2.0) virtual directory (IIS 6).

In our app we just need to display the first html file to each report (the html knows where it has it contect) etc. So a simple JS Iframe did the job.

However if someone knows the Virtual directory path (http:/App/Directory/Id1/Id2/....) they can browse to the images that can contain confidential data.

Is there any way of securing the files on the folder??

Thanks in Advance

Regards

Siddharth

View Complete Post

More Related Resource Links

How to dynamically secure content of reports

All

Is there any way of dynamically loading only specific data in a report based on the user who is accessing the report and their access rights which would be stored in different tables?

An example of this is a report of cost of mobile phone bills. Each person's phone bill is allocated to a cost centre, there are likely to be between 2 and 20 bills per cost centre. When a report is run we want to display only those bills that the user is allowed to see and the criteria would be (a) IT allowed to see all (b) the cost centre manager can see their own cost centre and (c) some specific people can see multiple cost centres. The information relating to the 3 different criteria is in 3 different tables.

Could anyone suggest a way to do this?

Thanks in advance!
Julia

JulesB

Same static content used at different places...

Hi Guys,

I've have treeview content which is static. But I need to use other treeviews with same content in different Windows of my application. I don't want to copy-paste it every time if I make any changes to the content. Is there any I can declare the contents & just refer it?

Example:

<TreeView Name="Categories> 
 <TreeViewItem Header="Fruit"> 
  <TreeViewItem Header="Orange"/> 
  <TreeViewItem Header="Banana"/> 
  <TreeViewItem Header="Grapefruit"/> 
 </TreeViewItem> 
 <TreeViewItem Header="Vegetables"> 
  <TreeViewItem Header="Aubergine"/> 
  <TreeViewItem Header="Squash"/> 
  <TreeViewItem Header="Spinach"/> 
 </TreeViewItem> 
</TreeView

I want to use the content of the above TreeView at different places in my application. How do I do it? I'm not storing these information in any database/file or any other source. Its manually typed.

Thank you.

Pages showing different static content

I have two aspx pages that both use the same master page. Master page is more or less the default from VWD 2010 web application (Site.Master).

So both page A and B have the same:

<%@ Page Title="Sample web app" Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true"
    CodeBehind="PageA/B.aspx.cs" Inherits="WebApp.PageA/B" %>

<asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent">,
    <link href="Styles/Table.css" rel="stylesheet" type="text/css" />
</asp:Content>

<asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent">
.
.
.
</asp:Content>

The difference when shown in web browsers is (tested on Chrome and Firefox) that PageB looks like it has one more blank row/space on top of the page. How is this possible?

Thx,

SharePoint Tutorial - Content Types

SharePoint content types provide users with a way to manage and organize content in a more meaningful way. It's a reusable of settings you want to apply to a particular type of document in a library or item in a list.

Enabling Users to Maintain SharePoint Content

When SharePoint is installed as a corporate intranet, there is a considerable amount of effort involved in maintaining the content to keep the site relevant. As we discussed in the first few parts of this series, SharePoint has many built-in features to reduce the burden on the site administrator.

Some areas of the site usually contain less-dynamic information. Internal memos and corporate policies are common examples of this information. One option for this information is to post these documents in a document library. Documents in a library are often stored in a few different formats: Word, Acrobat (PDF), or HTML. Each of these formats has its drawbacks.

Static Class for Beginners

In general, the members of a class can be accessed by instance of that class when they are in public, but there comes a situation to access or call members of a class without an instance and this can be achieved by declaring them as static

Application Vs. Content Pages in SharePoint

SharePoint has two types of ASPX pages. One type is the application page, also known as a _layout page. The other type of ASPX page is a content page, also known as a site page. Each of these page types is stored in a different location in SharePoint. When developers create custom ASPX pages, they must decide on the page type.

Enabling Users to Maintain SharePoint Content

Content Types in MOSS 2007

In this article I will try to describe the one of the best feature in Microsoft office Share Point 2007 called Content Types.

Content types are simply collection of contents.Each content in a Content type can have different settings.Basically it is a reusable collection of settings which you want to apply to a particular category of contents.

Content Query Web Part missing in SharePoint 2010

If you don't see content query web part listed in the web parts list, this is because you have not enabled "Search Server Web Parts" feature in site collection features. Enable this feature and content query web part will show in the list of web parts.

abstract away the source of the connection string using a class with a static property.

ASP.NET provides a configuration system we can use to keep our applications flexible at runtime. In this article we will examine some tips and best practices for using the configuration system for the best results.

The element of a web.config file is a place to store connection strings, server names, file paths, and other miscellaneous settings needed by an application to perform work. The items inside appSettings are items that need to be configurable depending upon the environment, for instance, any database connection strings will change as you move your application from a testing and staging server into production.

Encapsulation
Let's abstract away the source of the connection string using a class with a static property.

Unique content within master page based on conditions met

Hi all-

I would like to present users with unique content based on certain conditions being met as they land on the home page (default.aspx). The condition logic will be in the VB code behind Page Load event. The content will go in a content placeholder as specificed from the master page.

However, the content change wouldn't be something small (ie making a panel or label visible or not) but rather it will be different HTML, Divs and databound gridview content. The HTML content will be stored in the database.

Can someone point me in the right direction for best practices on how to accomplish this?

Thanks!

Passing Linq Statement between master and content page

I usually work with windows forms, and am just starting to work with ASP.Net, so appologies if this is a dumb question!

I have a master page which has a search button on it. The results of this are built up using a Linq statement and if there are any results, I want to display the results in a contents page.

On the masterpage, I have the following code:

Private _res

    Public Overridable ReadOnly Property SearchRes()
        Get
            Return _res
        End Get
    End Property

 Private Sub DoSearch()
   'some code to get a linq result
   'then

    If res.Any Then
            _res = res
            Server.Transfer("SearchResults.aspx", True)
        Else
            'no results
            LabelNoRes.Visible = True
        End If
 End Sub

On the SearchResults.aspx page I have this code.

Dim m As pxSite = CType(Page.Master, MasterPage)
        If m.SearchRes IsNot Nothing Then
            Label1.Text = "Results found = " & m.SearchRes.Count
        End If

m.searchRes is always nothing.

What am I doing wrong here?

Thanks

Secure or a Security Hole, hardening your Area

I've consoldated Levi's post on my blog entry Secure or a Security Hole, hardening your Area

Content page control passes as argument to javascript function

Here is the content page:

********************************************************************

<%@ Page Language="C#" MasterPageFile="~/MasterPage.master" AutoEventWireup="true" CodeFile="JavaDynamicCopyValue.aspx.cs" Inherits="JavaDynamicCopyValue" Title="Untitled Page" %>
<asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
<script type="text/javascript" >
function copyValue(input, output )
{
   ouput.value = input.value;
   return true;
}
</script>
<asp:TextBox ID="txt1" runat="server" onchange="copyValue(this,document.getElementById('<%=txt2.ClientID%>'))"></asp:TextBox>
    <br />
    <br />
    <asp:TextBox ID="txt2" runat="server"></asp:TextBox>
</asp:Content>

********************************************************************

I got a javascript run time error says output is undefined. if I view source of the page, the txt1 markup became:

<input name="ctl00$ContentPlaceHol

NUnit and public static readonly

I have an app that I am testing with NUNit. The project im testing has several helper classes that are created as public static readonly. When I run the NUnit tests, they all fail with the same error

Systems.Code.Test.TransactionTest.CreateDataContext_ConnectionString_ReturnsDataContextObject:

SetUp : System.TypeInitializationException : The type initializer for 'Systems.Utils.ConstantHelpers' threw an exception.

----> System.NullReferenceException : Object reference not set to an instance of an object.

Systems.Code.Test.TransactionTest.CreateDataContext_ConnectionString_ReturnsDataContextObject:

SetUp : System.TypeInitializationException : The type initializer for 'Systems.Utils.ConstantHelpers' threw an exception.

----> System.NullReferenceException : Object reference not set to an instance of an object.

I kept getting this error despite stripping out all

Composite Control which contains arbitrary content defined in .aspx of parent and thier ViewState

I want to write own control which can contain other. And I want to define content of the control in the .aspx file where the control is defined. I have written such control. But now I have issue with ViewState of inner controls of my control. The following samle illustrates the issue: I defined two asp:DropDownList ID="ddl1" and ID="ddl2" One of them is inside of my control and other is outside. When posback is occurred asp:DropDownList ID="ddl1 loses state and becomes empty. How to say ASP.net to store state of inner controls defined by this way?

MyControl.ascx:

<%@ Control Language="C#" AutoEventWireup="true" CodeBehind="MyControl.ascx.cs" Inherits="DynamicControls.Controls.MyControl" %>

<div class="box">
    <div class="Header-Left">
        <div class="Header-Right">
            My Control
        </div>
    </div>
    <div class="Content">
        <asp:PlaceHolder ID="contentPlace" runat="Server" />
    </div>
&


Categories:

ASP.Net	Windows Application	.NET Framework	C#	VB.Net	ADO.Net
Sql Server	SharePoint	Silverlight	Others	All