locked
Allowing asp.net acces to folder RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1767698477 posted

    I have a website which requires users to login to access pages in a folder. Under this folder is another folder which stores user info like uploaded avatars. 

    The same pages are in the root of the site also. And these pages are for people wishing to browse the forum pages without being a member and logging in. On this pages, how to I allow asp.net access to the users folder so it can retrieve the avatars uploaded into the site? Is this possible with a web.config file in the users folder? If so, how would it look to allow authenticated users and asp.net only?

    Saturday, February 13, 2016 5:32 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-219423983 posted

    Hi sking,

    sking

    On this pages, how to I allow asp.net access to the users folder so it can retrieve the avatars uploaded into the site? Is this possible with a web.config file in the users folder?

    As usual, if the web site wants to access a special folder, you could refer to the following links to assigning permissions to this special folder. But, the avatars are in the folder under the web site root, so you could access it directly.

    http://www.iis.net/learn/manage/configuring-security/application-pool-identities

    sking

    If so, how would it look to allow authenticated users and asp.net only?

    About how to set the authorization rules for the web site folders, you could read the following blog carefully and then modify the web.config file to do it. In your case, you could use

    <location path="XXXX"> //sepcial path
<system.web> 
<authorization>
<deny users="?"/> //will deny anonymous users </authorization> 
</system.web>
</location>

    to implement it.

    http://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config

    Best Regards,

    Weibo Zhang

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, February 13, 2016 7:16 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-219423983 posted

    Hi sking,

    sking

    On this pages, how to I allow asp.net access to the users folder so it can retrieve the avatars uploaded into the site? Is this possible with a web.config file in the users folder?

    As usual, if the web site wants to access a special folder, you could refer to the following links to assigning permissions to this special folder. But, the avatars are in the folder under the web site root, so you could access it directly.

    http://www.iis.net/learn/manage/configuring-security/application-pool-identities

    sking

    If so, how would it look to allow authenticated users and asp.net only?

    About how to set the authorization rules for the web site folders, you could read the following blog carefully and then modify the web.config file to do it. In your case, you could use

    <location path="XXXX"> //sepcial path
<system.web> 
<authorization>
<deny users="?"/> //will deny anonymous users </authorization> 
</system.web>
</location>

    to implement it.

    http://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config

    Best Regards,

    Weibo Zhang

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, February 13, 2016 7:16 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1767698477 posted

    I have this as an actual web.config in the folder /users. This denies access to anonymous users but I still need to let asp.net access. Is this possible?  If not, then I'll just use a folder in the root to store the images.

    Sunday, February 14, 2016 6:22 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-219423983 posted

    Hi sking,

    This denies access to anonymous users but I still need to let asp.net access. Is this possible?

    Could you clarify what the “asp.net” means?

    I guess you want to deny the anonymous users, but the web site code could access the folder, am I right?  If so, as I said above, as the folder is a part of this web site contents, the code could access it directly.

    Here, I suggest that you’d better ask the users to log in before uploading their avatars and use “~/xx/xx” to get this folder.

    Best Regards,

    Weibo Zhang

    Sunday, February 14, 2016 7:25 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1767698477 posted

    Yes, I meant so that the code can access the folder. I have designed it so they have to login to upload their avatars.

    Sunday, February 14, 2016 7:11 PM