Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Community Forums
 Code Support: ASP.NET (Non-Forum Related)
 A protection problem
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 30 June 2010 :  14:53:44  Show Profile  Reply with Quote
I have a "members" folder that requires a login to access the pages in there. (the UN's and PW's are authenticated from the DB for the forum)That works well and has no problems. The problem is.. if I create a folder inside the members one, whatever I put in there can be accessed without login... ie: here or here am I missing something??

Dave

No good at coding, but I can plough a field !!

HuwR
Forum Admin

United Kingdom
20550 Posts

Posted - 30 June 2010 :  16:18:48  Show Profile  Visit HuwR's Homepage  Reply with Quote
how have you set it up to require authentication ? can you post your code?

MVC .net dev/test site | MVC .net running on Raspberry Pi
Go to Top of Page

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 30 June 2010 :  16:53:00  Show Profile  Reply with Quote
Web config

and Class1.vb that's in App Code (that you supplied Huw)

Having a little play around it seems that everything that ends .aspx is protected but every other extension isn't.

Dave

No good at coding, but I can plough a field !!
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20550 Posts

Posted - 30 June 2010 :  17:26:14  Show Profile  Visit HuwR's Homepage  Reply with Quote
thats because you need to tell iis that .net needs to handle them.

This may help http://www.windowsitpro.com/article/security-development/secure-resource-and-document-files.aspx or this http://aspnet.4guysfromrolla.com/articles/020404-1.aspx


MVC .net dev/test site | MVC .net running on Raspberry Pi
Go to Top of Page

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 30 June 2010 :  18:16:49  Show Profile  Reply with Quote
Thanks Huw

it all makes sense now

Dave

No good at coding, but I can plough a field !!
Go to Top of Page

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 01 July 2010 :  18:06:26  Show Profile  Reply with Quote
I have a minor problem...

My host has done the mapping and I have created an httphandler (handler.ashx) residing in app_code

<%@ WebHandler Language="VB" Class="DocHandler" %>

Imports System
Imports System.Web

Public Class DocHandler : Implements IHttpHandler

Public Sub ProcessRequest(ByVal context As HttpContext) Implements IHttpHandler.ProcessRequest
context.Response.ContentType = "application/msword"
context.Response.Write("You must be logged in to access these files")
End Sub

Public ReadOnly Property IsReusable() As Boolean Implements IHttpHandler.IsReusable
Get
Return False
End Get
End Property

End Class


I have in my web config...

<httpHandlers>
<add verb="*" path="*.doc" type="App_Code.DocHandler"/>
</httpHandlers>

but am getting an error...
Parser Error Message: Could not load type 'App_Code.DocHandler'.

any ideas?

Dave

No good at coding, but I can plough a field !!
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20550 Posts

Posted - 02 July 2010 :  01:52:16  Show Profile  Visit HuwR's Homepage  Reply with Quote
have you tried just DocHandler not App_Code.DocHandler

MVC .net dev/test site | MVC .net running on Raspberry Pi
Go to Top of Page

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 02 July 2010 :  02:51:23  Show Profile  Reply with Quote
Yes Huw, I have tried a few things there but all return the parser error so I was assuming it maybe a problem with the handler?
I had a google around last night and although there are a few variations on the handler, the generic one that is created using VWD 2008 express is the one that brain dead's like me seem to use.

as a matter of interest... if I created a handler, modified the webconfig and uploaded it to the webserver, if the iis wasn't mapped correctly would an error be thrown up or would it just not work?

Dave

No good at coding, but I can plough a field !!
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20550 Posts

Posted - 02 July 2010 :  03:37:03  Show Profile  Visit HuwR's Homepage  Reply with Quote
if iis wasn't mapped correctly it would either try to download the file or give a 40X error of some sort.

ok, your problem is that you have created a handle file (ashx) when what you really need to do is create a httpmodule, ashx files expect to be called in the same was as other asp.net files what you actually want is a httpmodule wich will basically trap any .doc files (either that or you need to add a rewrite rule to map all *.doc requests to your ashx file. try renaming your ashx file to a .cs file it should then recognise it as a handler type rather than a handler file

sorry if I haven't explained that too well :)

you will need to remove the webhandler tag from the top of the file too

MVC .net dev/test site | MVC .net running on Raspberry Pi
Go to Top of Page

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 02 July 2010 :  18:26:00  Show Profile  Reply with Quote
Thanks Huw, and you explained it well enough

I have been working on it (on and off) all day and getting error upon error. (the first one being I renamed the ashx file to .cs and the site is in vb!!... doh)

I stumbled across something this evening that doesnt require a class file, ashx file etc. it uses an inbuilt static file handler. All that is needed is a line in webconfig.. within the httpHandler tags

<add verb="*" path="*.pdf" type="System.Web.StaticFileHandler" />

it seems to work but I'm not sure if it's 100% correct (correct may not be the right word?)

your views would be appreciated

Dave

No good at coding, but I can plough a field !!
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2019 Snitz™ Communications Go To Top Of Page
This page was generated in 0.08 seconds. Powered By: Snitz Forums 2000 Version 3.4.07