CODEWITHSUNDEEP
asp.net.netfile-ioweb-applicationsfile-permissions
pvaju896
pvaju896

Reputation: 1417

How To Rectrict Access to the Files in File System(ASP.NET Web application directory)?

am working on a ASP.Net Web Applications. In that user can upload documents and they can view the same when they required. These uploads kept in the file system(path:- WebApp/Uploads/Docs). This will be served to users only if they are the owners of the document Or upload.

My Question Is: The file with this WebApp/Uploads/Docs/Doc1.doc
path must be accessed only by the Uploader/Owner of that document.

Other application user must be restricted from accessing this Path.

So, Can i have a check(User Is Owner Or Not) before this file served to other users.?

Upvotes: 0

Views: 99

Answers (2)

AMember
AMember

Reputation: 3057

I will advise you to keep the documents out of the web site directory since this exposes them to an unauthorized downloads.

as for the check that you need you can create a generic handler (*.ashx) for your documents that will validate the document owner and will serve the content only to permitted users.

HTTP Handlers and HTTP Modules Overview

Upvotes: 2

Xavier
Xavier

Reputation: 1794

You can achieve this via Web.config In web.config under add the element..

In the element, add the configuration element and the configuration element. Use the users attribute to specify a comma-delimited list of user names. You can use a question mark (?) as a wildcard character that matches any user name. For example, the following code denies access to all users except user1 and user2:

<authorization>
    <allow users="user1, user2"/>
    <deny users=”?”/>
</authorization>

Upvotes: 0

Related Questions