I have a asp.Net Website where we have implemented Forms Authentication.By using it PDF files in particular folder are accessible only to Authenticated users (Form Authentication).
I have another Website which provides links to user to download PDF files from above mentioned project (Note that this project too uses its own Form authentication).
But currently I am not able to access PDF files of first project via second project, So Can any one help me about how to access these form authenticated files from different Project.
Related
I have an asp.net application which does the following: loads data about audio files (file name, path and so on) from DB and shows them in table on the page. Application uses windows authentication (this cannot be changed).
I've added html 5 audio controls to my table cells so that users could play audio files without downloading them - actually, I don't want them to be able to download files at all.
Audio files come from two network-shared directories - one is accessible by all domain users, the second one is accessible only to specific user. Audio control requires the src to be a relative url - ok, fine, so I went to IIS manager and created two virtual directories under my application. For the second, highly protected directory, I'd set credentials which should have helped my application to access files.
Result seems quite strange to me: users see audio files from the first (accessible) directory preloaded and can play them; users cannot preload and cannot play files from the second directory with preset credentials.
Problem is definitely not in the audio src itself - it is well-formed. Seems like IIS is trying to access data in the second virtual directory under credentials of current domain user and not the one, whose login and password were set on folder setup.
Is there any way to overcome this problem? Unfortunately, granting access to this directory to all users is not a chance. Changing app pool identity to that same specific user also gave no results. App users and user account for the second folder are all in the same domain.
IIS access file via application pool identity not login user. So when you are running an application with network share directory, please change the app pool identity to a domain user that have permission to access both. Then you can restrict login user permission via authorization rule.
How can I show/embed a document folder from a SharePoint site on a separate intranet asp.net web app to allow users to download the documents and browse into subfolders? We do not want to allow any check-out or edits from the ASP site.
Back Story:
My company has a SharePoint set up to house Policies and Procedures for employees to use, and I have set up an ASP web forms site to house some simple tools that are commonly used & updated.
The issue that we are running into is that keeping the ASP app updated as the SharePoint changes becomes tedious as there are hundreds of documents that are updated quarterly.
The ideal solution would have a page on the ASP app, lets call "Documents" and when an user visits that, they are shown a list or list tree of documents & subfolders that are available for download from a specified "published" documents folder on SharePoint, or an embedded view of that folder from the SharePoint.
I have an asp.net website, using .Net 4.0, and IIS 7.5, and using Classic Pipeline Mode in the Application Pool.
I'm using forms authentication, and the authorization setting in the web.config at the root folder of the website allows all users.
In a subfolder's web.config, I am setting authorization for that folder and its contents to block all anonymous users.
There is a pdf file in that subfolder, and even though I am denying anonymous users, I can read the pdf file and download it.
I am trying to block anonymous access to pdf files, and all of the examples I've found on how to do this are not working for me.
How can I block anonymous access to pdf, word, excel, and other files?
I have many reports on JasperReports and they are embedded into our web app using iframe API. Some of the reports are scheduled to run everyday and store the generated files on JasperReports.
I want to embed the folder location on our web application so that User can see the report file listing in the web application.
http://${url}/jasperserver-pro/flow.html?_flowId=viewReportFlow&standAlone=true&_flowId=viewReportFlow&ParentFolderUri=/${location}/&reportUnit=/${location}/${reportName}&fromDate=&toDate=&decorate=no&j_username=${username}&j_password=${password}
The above link is being used to access report but I am not able to figure how to do the same for directories.
Please let me know if you require more information.
If you want to give users the access to all of the reports in your repository, you can pass the directory location into your URL instead of passing in the path to your report
I have a web app made in asp.net mvc3. There is a facility to upload and download files using the application. Uploaded files will be stored in some folder under web root. I want allow downloading files to those who have access to the files only. No one should be able to download the file by directly pasting in the file URL.
I use shared hosting with limited IIS access. So what would be the best way to achieve this?
How are you storing the data on the access rights currently? It sounds like you are not going to be able to make use of IIS to control access to your files and will have to handle it yourself.
As this is the case, rather than link to the file directly you should store the files outside of your web root and then handle requests coming in for files through ASP.NET MVC using a GET method. At that point you can check the user's credentials, and if they have access you can serve the file.
I'm not too familiar with it, but it looks like ASP.NET MVC makes serving up files very easy with the ability to return a FileContentResult, supported by the Controller.File method (documentation here).
This blog post looks like a great start, and you would just need to insert your credential-checking logic into the Get method.