restricting files with global.asax

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • shashi shekhar singh
    New Member
    • Aug 2009
    • 30
    #1

    restricting files with global.asax

    Respected Sir,

    I am really tired in solving of this issue that have been arises when i would like to restrict files to access only on my Test page , here i am retriving my files in iframe in Test page, problem occurs when a user authenticated themselves then they will be redirected on welcome page and he can access my files through welcome page on Browser by knowing my Folder Name. but i do'nt want to give permissions to access on welcome page using IBrowser i only want to give my files(.mht files) that should be accessed on iframe. So please help me out.
    this code as shown below doing pretty well in Visual studio "Debug mode but when i deploy this on iis 7.0 then it is not restricting my .mht files so please help , if you have any othe idea to protect then please give me .
    Code:
     string[] url_array = new string[100];
    string[] urlaspx = new string[15];
    int i = 0;
    int j = 0;

protected void Application_PostRequestHandlerExecute(object sender, EventArgs e)
   {
       string requestedurl = Request.Url.ToString(); ;
       string[] requestrrl = requestedurl.Split('.');
       if (requestrrl[requestrrl.Length - 1] == "aspx" || requestrrl[requestrrl.Length - 1] == "mht")
       {
           url_array[i] = requestedurl;

           //if (returnUrl == null) returnUrl = "Secured/login.aspx"; 
           string[] url = url_array[i].Split('.');

           if (url[url.Length - 1] == "aspx" )
           {
               string[] pageurl = url[url.Length - 2].Split('/');
               urlaspx[j] = pageurl[pageurl.Length - 1];
               if (urlaspx[j] == "Test")
               {
                   if (url[url.Length - 1] == "mht")
                   {


                   }



               }
               else if (url[url.Length - 1] == "aspx")
               {
                   if (urlaspx[j] != "Test")
                   {
                       j++;
                   }
               }
           }

           if (url[url.Length - 1] == "mht" && urlaspx[j] != "Test")
           {
               FormsAuthentication.RedirectToLoginPage();
               FormsAuthentication.SignOut();


           }
           i++;
       }
   }
    please help me out...

    from
    shashi shekhar singh
    Last edited by Frinavale; Jan 14 '10, 07:41 PM. Reason: Please post code in [code]...[/code] tags. Added code tags.
    Tags: None
    • Frinavale
      Recognized Expert Expert
      • Oct 2006
      • 9749
      #2
      Shashi, have you considered using forms authentication to authenticate your users?

      The user is authenticated before your site code is executed. ASP.NET checks if the user is permitted to use the resource before your code is executed...so that means that if the user logs in and is not allowed to use a resource...but they type the URL to the resource ASP.NET will redirect them to an error page stating that they aren't allowed access to the page/picture/resource that they are trying to access.

      -Frinny

        Comment

        • shashi shekhar singh
          New Member
          • Aug 2009
          • 30
          #3
          Yes I am using forms authentication to authenticate user and location path attribute is set to a SecureFolder where login welcome ,test and result pages are stored and in which also all the .mht files are stored.
          please it's urgent..

            Comment

            • sanjib65
              New Member
              • Nov 2009
              • 102
              #4
              Shashi, in the "secure" page you can use this kind of code so that user authentication can be checked.
              Code:
              protected void Page_Load(object sender, EventArgs e)
    {
        if (User.Identity.IsAuthenticated == false)
        {
            Server.Transfer("../Login.aspx");
        }
        if (Roles.IsUserInRole("Administrator") == false)
        {
            Server.Transfer("../unauthorized.aspx");
        }
    }

                Comment

                • Frinavale
                  Recognized Expert Expert
                  • Oct 2006
                  • 9749
                  #5
                  Ok I think that you just need to add an additional secure folder...(I could be wrong here because I don't have a very good idea about what your system's doing)


                  So you'll have publicly available content (like the Login page and maybe a Sign Up page).

                  Then you'll have a folder that contains the restricted content that users aren't allowed to access...

                  Then you'll have a folder containing the .mht files which is also restricted.

                  Each folder should have a web.config file in it where you can specify which users are allowed access to the information and deny anyone else.

                  -Frinny

                    Comment

                    • shashi shekhar singh
                      New Member
                      • Aug 2009
                      • 30
                      #6
                      Thanx a lot for your reply , but i am facing a problem not by web.config location path element , actually problem is that when forms authentication authenticates a user then they are allowed to acess all the folder and i am not able to restrict them and it's true that files should be accessed by user by giving their same credential as he is given in the login page, but i only want to restrict them to access these (*.mht) files only on my Test Page not on my Welcome Page or any other page redirects after login page....... looking for your reply...

                        Comment

                        • shashi shekhar singh
                          New Member
                          • Aug 2009
                          • 30
                          #7
                          Respected Sir,

                          I think in web.config by using <Httpmodules><H ttpmodules> and <httphandlers > <httphandlers > , i can restrict the file access from other pages, if you think so then please give me an idea how to do this actually this is really new for me ....

                          thanx a lot ..

                            Comment

                            • Frinavale
                              Recognized Expert Expert
                              • Oct 2006
                              • 9749
                              #8
                              Check out this video: Membership, Roles and Forms Authentication

                              -Frinny

                                Comment

                                Previous template Next
                                Working...