Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

File Security and Aspx pages Httphandler

Status
Not open for further replies.
lindaj52

lindaj52

Programmer
Joined
Aug 21, 2001
Messages
5
Location
US
I have this scenario :-
userid 66 has folder/66
userid 75 has a folder/75
do not want 66 to be able to access 75's files by changeing url.

After logging in, the user has an aspx page has a list of hyperlinks to different files Example(I do not want them to be able to change the url to which would be for another user.
aspx pages are protected but doc,pdf,txt files are not.
I created a custom httphandler but keep getting an "Unrecognized configuration section 'HttpHandlers'" Error with it.

I Would ask for any suggestions as to how to secure these files.I will paste my code if anyone is willing to help me.
 
Sort by date Sort by votes
Yes, please. Let's have a look.

-paul

penny.gif
penny.gif

The answer to getting answered -- faq855-2992
 
Upvote 0 Downvote
Here is the code for my httphandler

Imports System.Web
Imports System.Web.Security.FormsAuthentication

Namespace ASPXHandler
Public Class MyASPXHandler

Implements IHttpHandler

' Override the ProcessRequest method.
Public Sub ProcessRequest(ByVal context As HttpContext) _
Implements IHttpHandler.ProcessRequest


Dim Filename As String = context.Server.MapPath(context.Request.PhysicalPath)
Dim user
If context.User.Identity.IsAuthenticated Then
context.Response.Buffer = True
context.Response.Clear()
context.Response.WriteFile(Filename)
Else
context.Response.Write("Access Denied.")
End If
End Sub

' Override the IsReusable property.
Public ReadOnly Property IsReusable() As Boolean _
Implements IHttpHandler.IsReusable

Get
Return True
End Get
End Property
End Class
End Namespace

This is my code in my WebConfig

<authentication mode="Forms" >
<forms loginUrl="Login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>

<httpHandlers>
<add verb="*" path="*.txt" type="ASPXHandler.MyASPXHandler, MyClassLibrary"/>
</httpHandlers>
 
Upvote 0 Downvote
This error is often caused by having the httphandlers section in the wrong place in web.config - make sure it's within the system.web section and not enclosed by any other tags (other than the parent configuration section).

After having these types of problems I now always put it at the bottom, right before "</system.web>".
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Makumbi256
  • Locked
  • Question Question
How to make days vertical and grid view editable using asp.net vb
Replies
0
Views
1K
Makumbi256
Makumbi256
G12Consult
  • Locked
  • Question Question
Javascript from Content Pages
Replies
0
Views
984
G12Consult
G12Consult
G12Consult
  • Locked
  • Question Question
Different landing pages for different roles
Replies
0
Views
1K
G12Consult
G12Consult
sugu1
  • Locked
  • Question Question
sound editing in web site to record, cut/trim, paste and save as wav file
Replies
0
Views
1K
sugu1
sugu1
WIREMESH
  • Locked
  • Question Question
Play mp4 files in asp.net 2.0 webforms application
Replies
0
Views
465
WIREMESH
WIREMESH

Part and Inventory Search

Sponsor

Back
Top