locked
How to dynamically track all the users accessing specific folder used as storage location? RRS feed

  • Question

  • User-786564416 posted

    my system is a archiving system. the problem is that, when creating the storage folder, the usernames: (Administrators) of Windows, and (SYSTEM) are mandatory users for any folder. Thus, I have encrypted all the files after uploading by my .NET developed website.

    However, for more security, I want to apply Audit Policy on my storage folder, so that I can dynamically list all the users, specially the Windows administrators, when trying to access my server storage folder, that I use to keep uploaded encrypted files. That's because the only allowed users to access the folder is only through the website I developed, which also I need to be shown when in the list of accessing users.

    Is it possible to manage it dynamically using the VB.NET with Windows API or something like this ?

    Tuesday, March 26, 2019 10:13 PM

All replies

  • User-893317190 posted

    Hi alihusain_77,

    Not sure about your requirement.

    Your storage folder has been uploaded into your website , then your website should have control to your folder.

    If the user visit your website, you should have way to show he(she) whatever you want he(she) to see.

    Does a user have another way to visit the storage in your website?

    If you want to control access to your storage folder, I think you should maintain a permission system for your website.

    From your statement , 

    so that I can dynamically list all the users, specially the Windows administrators, when trying to access my server storage folder

    Do you mean you want to list all the users that are accessing the files in the storage folder?

    If you are developing a website, as soon as a user  visit your website, the content of your site will be returned to client side , which means the returned files have nothing to do with the file the user sees.

    So, it is hard to know who is  watching the files if the user is accessing the file through http.

    To be  secure , I suggest you could set up a permission system for your website to control access to your files in the storage using framework like Asp.net Identity.

    https://docs.microsoft.com/en-us/aspnet/identity/overview/getting-started/introduction-to-aspnet-identity

    Best regards,

    Ackerly Xu

    Wednesday, March 27, 2019 8:51 AM
  • User-786564416 posted

    I will explain it as following:

    • My website is located at the server:   E:\MyFolder\MyWebsiteApp
    • Storage Folder is located at the server:  E:\MyStorage\Folder1\

    When the website is running, it copies the files from E:\MyStorafe\Folder1 and unencrypt it and copy it into E:\MyFolder\MyWebsiteApp\Temp\ReadingFolder\

    what I want is that while I am reading the files from ….\Temp\ReadingFolder\  , for example ….\Temp\ReadingFolder\MyFile.pdf, I don't want any one else to access the foler ReadingFolder. Otherwise, if this is impossible, I want to list all the people who has made access to it.

    Is it clear?

    Wednesday, March 27, 2019 3:35 PM
  • User475983607 posted

    Your question/requirement is not clear and it does not seem to be an ASP.NET subject. 

    Ask your system admin to remove access to all users but your web application (user) for the folder in question.

    Wednesday, March 27, 2019 6:59 PM
  • User-786564416 posted

    Can the system admin remove himself from the access to the folder?

    Wednesday, March 27, 2019 8:24 PM
  • User475983607 posted

    Can the system admin remove himself from the access to the folder?

    A

    Ask your system admin for assistance.  This is a web site support forum and your question is out-of-scope.

    Wednesday, March 27, 2019 11:23 PM
  • User-786564416 posted

    Please don't make any comments if you don't have the answer. It is a troubling. I hope you understand it.

    Thursday, March 28, 2019 5:41 PM
  • User475983607 posted

    Please don't make any comments if you don't have the answer. It is a troubling. I hope you understand it.

    Please ask questions that are related the forum.  You'll find better support if you ask question in a related support forum.

    Anyway, I answered the question.  You can also password protect folders in windows.  Your system Admin should be able to assist you in coming up with an appropriate solution.

    Thursday, March 28, 2019 8:12 PM