.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Disallow Direct Access To Files

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net


Here is my dilema, on my site i have a WordPress Audio player (http://wpaudioplayer.com/standalone) that plays my mp3's.

It loads the Mp3's in by javascript...example below:

       AudioPlayer.embed("audioplayer_7", { soundFile: "/Files/Music/[name of file].mp3" });

This file name is clearly visible in the browser source. Not a problem, however this means that any user can legitimately browse to the file directly and download it.

Now i still need the mp3 player (which is flash) to have access to the file but if a user was to try accessing the file directly, they would not be allowed access to it.

I am not sure how to go about this, i am circling the idea of a httphandler but not sure if this is sufficiant to stop the direct access to the file.

Any help would be appreciated

View Complete Post

More Related Resource Links

Wrong Account being used to access files - Help - No Impersonation


I run a simple .aspx website on a Windows Server 2008 machine.

There is NO impersonation, and System.Security.Principal.WindowsIdentity.GetCurrent().Name returns NT AUTHORITY\NETWORK SERVICE, which it the account which the application pool runs. In my web.config, I have <authentication mode="Forms">.


I tried to test the security of the application and server by removing file permissions to the .aspx files. I was greatly worried when the website continued to run without problem (it should not have been able to read the .aspx files).

By turning on file level auditing, I discovered that the .aspx files were being read by the machine$ account (if the machine is called Serv1, then the files would be read by the Serv1$ account, which seems to have access to all files on the local machine).


Is this a security breach or is this behaviour by design ?

Please can somebody assist, as I am worried.

DIME: Sending Files, Attachments, and SOAP Messages Via Direct Internet Message Encapsulation


Direct Internet Message Encapsulation (DIME) is a new specification for sending and receiving SOAP messages along with additional attachments, like binary files, XML fragments, and even other SOAP messages, using standard transport protocols like HTTP. In this article, the author explains what DIME is and how it differs from MIME encapsulation. A detailed description of the message format and how it is parsed, as well as working with SOAP and extending it with WSDL, is also included.

Jeannine Hall Gailey

MSDN Magazine December 2002

Web Service Unable to access Directory (Temporary ASP.NET Files) CS0016

QuestionMoving web service to a production level server. This is not a new server, but is new to running an ASP.NET 2.0 web service. No other websites or services existed on this server.

Installed .Net 2 and specified that ASP is registered for 2.0 using aspnet_regiis. Installed missing components such as Front page extensions. When I try to browse to the services asmx page I get the error saying that the process has a compilation error and cannot access the asp.net temp directory under the 2.0 Framework. I looked at the directory and it appears that the asp.net process and others have correct access.

Note a basic asp.net page will come up as well as a basic html page.

All comments are welcome.

  • .Net 2
  • ASP.NET aspnet_regiis specifies .Net 2 as root
  • C#
  • IIS6
  • Windows Server 2003 SP1

Access to update application files stored in Program Files, restricted on a Windows 7 device when us


Hi all,


I'm here to solve a problem, and that is our application, which speaks to a central server on startup, checks for updates and if found, updates its local files (stored in Program Files) with those pushed from the central server.  Currently, we are getting access denied exception when this updater tries to add/edit files in this special directory.  What I am looking for is a way to accomplish this updating process without moving these application files to a different location.

Unable to access files on web server, going crazy!


I have a computer running visual web developer express 2008 that does not access most files on my web server. The file tree is there but when I try to open a file "unable to get file ----- from the web server" appears. I have uninstalled, cleaned, searched for answers but am not able to fix the issue. This happened 4 days ago. Other computers running same software can access the files. Linux RH-Ent web server (if it matters) Any help appreciated.

Microsoft Office Excel cannot access the file 'C:\inetpub\wwwroot\ProjectWebSite\Files\ROUTINE_MCA.


Hello everybody.

I am in a critical situation. I first tried to make a project (file->new->project) using visual studio, where I displayed the content of a excel file by GridView. I was successful then, but when I attach it to my website located in inetpub I am getting this error :

Microsoft Office Excel cannot access the file 'C:\inetpub\wwwroot\ProjectWebSite\Files\ROUTINE_MCA.xlsx'. There are several possible reasons:

. The file name or path does not exist.
. The file is being used by another program.
. The workbook you are trying to save has the same name as a currently open workbook.

At first I faced some COM related problem and found solution in Google, but this particular problem is not solving. Is there any way to access Excel document in asp.net website?

In my application there is a facility of uploading excel document to the server and then display its content. But I have failed to do this display operation, is there any turn around way, like store the excel document as dataset and then access it as required.

Please help. I am in great trouble. Thanks in advance.

upgarde accdb (access 2007) files to SQL EXPRESS 2008 R2


Is there a program that I can download that aids in converting an access (accdb) file to sql express 2008 R2?

Thank you


Multiple user access for files


Dears ,


I am building a web-application that uses xml files to send them to Web-Services , and the application will be used by alot of users i have the files in my directory , and before continueing development I was thinking about when several users will use the same xml file at the same time knowing that , the users will have to ( read , write ) on these files , so if one user is writing on the file and another one will read from it we will have a bit confilict here . Please advice urgently .



I thought of copying the whole xml file TEXT and placing it as a string in the application but if i have to use like 10 xml files this will be a big performance issue i guess.



Thank you.

Help with authorization in web.config to deny access to files in a folder



I have a web site that has a folder called Files that contains PDF files.  These PDF files should not be accessible to people who have not signed in to the web site. 

The login URL is www.mysite.com/Account/Login.aspx and the register URL is www.mysite.com/Account/Register.aspx. 

Once the person is signed in they can go to www.mysite.com/Documents/Documents.aspx.  This page has a gridview that lists the PDF files in the Files folder with a link to them.  If the person is not signed in, he/she can't view this Documents.aspx page.  However, if anyone has the URL to the PDF files, they can view those files without having to sign in.

How can I prevent someone from accessing the PDF files in this folder?

The site is hosted on GoDaddy using IIS 6.0.

Thanks in advance.

Prevent direct access to embedded page


Im using an aspx page as the srcl for an image in the host page to serve a dynamically generated image to the user based on parameters they supply


<img alt="" src="generateimage.aspx" id="imagegen"/></div>

Id like for people only to access the content via default.aspx and not the dynamically generated content generateimage.aspx. Any attempt to browse here directly should be redirected to an error page

Sorry if this is basic but any help would be gratefully appreciated

Read Access Files from Folder with SSIS

Can some body suggest how to read access files from folder location and insert the data from access Db table to Sql 2008

Access files on different server


Brief Description: I want to be able to use my asp.net application to access files on another server used as a file system(storing .pdf, .xls, .doc files etc.).

In Depth Description: Right now the web page has a gridview.  The gridview has links to documents using paths like \\servername\filename.  Our server guys said that this method would be using a CIFS protocol and would not work.  That we would need to set it up so that the application accesses the file through a service account or something.  Does this make sense to anyone and can any provide a more in depth explanation.  What would we have to change programatically to have our .net application access files on another server?

Direct Link to a Sharepoint 2010 file from Access, Excel, etc


Hi...our organization is upgrading to sharepoint 2010 from an earlier version.  In the earlier version, it was very easy to link to a document in a sharepoint library, from MS Access or Excel.  But now, on 2010 version, simply linking to the URL of the document no longer works.  It's like the file does not really exist in the location noted if you grab a shortcut URL.

Does anyone have any idea how we can continue to link to sharepoint 2010 documents, so all of our nicely linked access and excel processes continue to work

Hopefully I am making sense?



Accessing Excel\Access files through Sql Server 2008 R2 Stand 64 BIT



This has been just such a pain with 64 bit! Data Access!!  I have been unable to use linked servers from SQL server to access files because there is no Jet 64 bit. Now, I have been using bulk insert statements.  These are working ok, but for some uknown reason, for a certain .csv file I am getting unexpected end of line errors.  I have tried many things to no resolution..

How can I get linked servers to work with SQL Server 64 bit for excel and access?  Why would microsoft leave this out??



FileUpload works fine, but uploaded files have restricted access



I'm using the asp FileUpload control, which uploads the files just fine. However, once the file is in the system (say a pdf) it can't be accessed from the web... I check the file security and access to the file is restricted. But no folder that it's in is denying access to web users.. So how can I stop this auto-deny-access from happening?

Cannot connect 2010 Access 2010 Excel or PowerPivot to Mobile SQL(SQL Server Compact) - SDF files

I've believe I've installed everything to read Mobile SQL .SDF files.  I've insalled Sql Server Management Studio, Sql Server 2008 R2, .NET 4.0 Framework and just about everything else I've read to see the contents of an .SDF file created for what I read directly from these product sources as this DotNet Compact Framework is the greatest new SQL stuff on the planet.  I can connect using the Management Studio and see the TABLE Stucture easy enough and I can query using some simple SQL Commands from the Management Studio but what really bugs me is if this is all so wonderful, how come I cannot connect to what the SQL Server 2008 R2 Server type "SQL Server Compact" Authentication: "SQL Server Compact Authentication in Office 2010 Access, Excel or even "WOW" PowerPivot!  I've run across a couple 3rd party .SDF Readers - one that exports to Excel such as flyhoward.com  I'm growing old with all the work around import export stuff and just want to use PowerPivot to  excersise the data......or should I use something that actually works like Tableau??

Why would anyone think going thru a Web Server to access SQL is more secure than direct to SQL?


Help me understand why PCI compliance requires that any access to a SQL server MUST NEVER be thru a public IP and can only be thru a public web server to a local SQL server (read two physically separate computers)?

I can't find ANY data that would suggest a public web server is any more secure than a public SQL server?  I read ONE reference to a security breach back in 2000, but that's hardly a justification to completely change one's IT infrastructure when the issue affect (as in were compromised) < 0.001 % of the SQL servers in existance.

I have an SQL 2008 server behind a hard firewall and router so public address is thru a non-standard port.  My SQL servers also only accept SSL connections with certs from a well known CA and those connection are NOT "user" connections (in the traditional sense), they're application connections (yes the code is obfuscated and 40 character passwords).

I can't find ANY data that proves web server to sql server as being more secure than direct to SQL server.  In fact, if one compromises a web server, not only can you gain access to that server put most likely many more local servers.  It's just a crazy idea from people (i.e. VISA/Mastercard etc.) that just don't understand the technology nor the problem.

The ONLY data I've seen is that most unauthoriz

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend