Directory/File Permissions with ASP.NET
-
Hi guys! I have just created a simple user control which displays a directory listing of a specified root location on the server. I then discovered that the
Directory.GetDirectoriesandDirectory.GetFilesmethods ignore the access permissions of the logged in user. So, even though the user may not be able to view a particular resource, it is still being shown within the directory listing. What I want to do is somehow filter out directories and files which the user does not have access to. I am controlling directory/file access via 'Web.config' files. And this works a treat. I just cannot find an option to verify whether a user has access to a particular directory or not. Below is some pseudo-code which describes what I am trying to achieve, but I do not know what goes in the two if statements.string[] dirs = Directory.GetDirectories(rootPath);
string[] files = Directory.GetFiles(rootPath);// Fetch directories and files.
foreach (string dirPath in dirs)
{
if (Page.User is allowed to access dirPath)
{
// Render directory entry.
}
}
foreach (string filePath in files)
{
if (Page.User is allowed to access filePath)
{
// Render file entry.
}
}Any advice would be greatly appreciated :) Thanks, Lea Hayes
-
Hi guys! I have just created a simple user control which displays a directory listing of a specified root location on the server. I then discovered that the
Directory.GetDirectoriesandDirectory.GetFilesmethods ignore the access permissions of the logged in user. So, even though the user may not be able to view a particular resource, it is still being shown within the directory listing. What I want to do is somehow filter out directories and files which the user does not have access to. I am controlling directory/file access via 'Web.config' files. And this works a treat. I just cannot find an option to verify whether a user has access to a particular directory or not. Below is some pseudo-code which describes what I am trying to achieve, but I do not know what goes in the two if statements.string[] dirs = Directory.GetDirectories(rootPath);
string[] files = Directory.GetFiles(rootPath);// Fetch directories and files.
foreach (string dirPath in dirs)
{
if (Page.User is allowed to access dirPath)
{
// Render directory entry.
}
}
foreach (string filePath in files)
{
if (Page.User is allowed to access filePath)
{
// Render file entry.
}
}Any advice would be greatly appreciated :) Thanks, Lea Hayes
lhayes00 wrote:
I just cannot find an option to verify whether a user has access to a particular directory or not
By Web Princliples, a web user will never have access to any directory on Web Server. What you can do here is the impersonation.
Please remember to rate helpful or unhelpful answers, it lets us and people reading the forums know if our answers are any good.
-
lhayes00 wrote:
I just cannot find an option to verify whether a user has access to a particular directory or not
By Web Princliples, a web user will never have access to any directory on Web Server. What you can do here is the impersonation.
Please remember to rate helpful or unhelpful answers, it lets us and people reading the forums know if our answers are any good.
Hi, Let's assume that the series of web.config files allows the user 'Bob' to access anything and everything. If 'Bob' tries to access the URL "webserver.com/users/bob/picture.jpg", he can...if anyone else tries to access this file a not authorized page appears to the user. This part works fantastic. The
Directory.GetDirectoriesmethod returns an array of paths which are relative to the server itself (i.e. "c:\wherever\users\bob\"). I have just found out that I could use theUrlAuthorizationModule. This would mean doing something like the following:string[] files = Directory.GetFiles(path);
string rootPath = Page.ResolveClientUrl("~/filesroot");
foreach(string file in files)
{
string tempPath = file.Replace(rootPath, "~/filesroot/");
if (UrlAuthorizationModule.CheckUrlAccessForPrincipal(tempPath, Page.User, "GET"))
{
// Do rendering here...
}
}I have two questions: 1) Is there a better way of doing this, or a way which uses mapped paths instead of virtual paths? I tried using the
FileAuthorizationModulebut got completely lost as this takes anIntPtr tokeninstead of anIPrinciple. 2) What do you mean by impersonation? Thanks, Lea Hayes
