Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
 All Forums
 Community Forums
 Code Support: ASP.NET (Non-Forum Related)
 A protection problem

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!
Before posting, make sure you have read this topic!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
   

T O P I C    R E V I E W
thermal_seeker Posted - 30 June 2010 : 14:53:44
I have a "members" folder that requires a login to access the pages in there. (the UN's and PW's are authenticated from the DB for the forum)That works well and has no problems. The problem is.. if I create a folder inside the members one, whatever I put in there can be accessed without login... ie: here or here am I missing something??

Dave
9   L A T E S T    R E P L I E S    (Newest First)
thermal_seeker Posted - 02 July 2010 : 18:26:00
Thanks Huw, and you explained it well enough

I have been working on it (on and off) all day and getting error upon error. (the first one being I renamed the ashx file to .cs and the site is in vb!!... doh)

I stumbled across something this evening that doesnt require a class file, ashx file etc. it uses an inbuilt static file handler. All that is needed is a line in webconfig.. within the httpHandler tags

<add verb="*" path="*.pdf" type="System.Web.StaticFileHandler" />

it seems to work but I'm not sure if it's 100% correct (correct may not be the right word?)

your views would be appreciated

Dave
HuwR Posted - 02 July 2010 : 03:37:03
if iis wasn't mapped correctly it would either try to download the file or give a 40X error of some sort.

ok, your problem is that you have created a handle file (ashx) when what you really need to do is create a httpmodule, ashx files expect to be called in the same was as other asp.net files what you actually want is a httpmodule wich will basically trap any .doc files (either that or you need to add a rewrite rule to map all *.doc requests to your ashx file. try renaming your ashx file to a .cs file it should then recognise it as a handler type rather than a handler file

sorry if I haven't explained that too well :)

you will need to remove the webhandler tag from the top of the file too
thermal_seeker Posted - 02 July 2010 : 02:51:23
Yes Huw, I have tried a few things there but all return the parser error so I was assuming it maybe a problem with the handler?
I had a google around last night and although there are a few variations on the handler, the generic one that is created using VWD 2008 express is the one that brain dead's like me seem to use.

as a matter of interest... if I created a handler, modified the webconfig and uploaded it to the webserver, if the iis wasn't mapped correctly would an error be thrown up or would it just not work?

Dave
HuwR Posted - 02 July 2010 : 01:52:16
have you tried just DocHandler not App_Code.DocHandler
thermal_seeker Posted - 01 July 2010 : 18:06:26
I have a minor problem...

My host has done the mapping and I have created an httphandler (handler.ashx) residing in app_code

<%@ WebHandler Language="VB" Class="DocHandler" %>

Imports System
Imports System.Web

Public Class DocHandler : Implements IHttpHandler

Public Sub ProcessRequest(ByVal context As HttpContext) Implements IHttpHandler.ProcessRequest
context.Response.ContentType = "application/msword"
context.Response.Write("You must be logged in to access these files")
End Sub

Public ReadOnly Property IsReusable() As Boolean Implements IHttpHandler.IsReusable
Get
Return False
End Get
End Property

End Class


I have in my web config...

<httpHandlers>
<add verb="*" path="*.doc" type="App_Code.DocHandler"/>
</httpHandlers>

but am getting an error...
Parser Error Message: Could not load type 'App_Code.DocHandler'.

any ideas?

Dave
thermal_seeker Posted - 30 June 2010 : 18:16:49
Thanks Huw

it all makes sense now

Dave
HuwR Posted - 30 June 2010 : 17:26:14
thats because you need to tell iis that .net needs to handle them.

This may help http://www.windowsitpro.com/article/security-development/secure-resource-and-document-files.aspx or this http://aspnet.4guysfromrolla.com/articles/020404-1.aspx

thermal_seeker Posted - 30 June 2010 : 16:53:00
Web config

and Class1.vb that's in App Code (that you supplied Huw)

Having a little play around it seems that everything that ends .aspx is protected but every other extension isn't.

Dave
HuwR Posted - 30 June 2010 : 16:18:48
how have you set it up to require authentication ? can you post your code?

Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.03 seconds. Powered By: Snitz Forums 2000 Version 3.4.07