Re: [izwebfilemanager] How to block access for files and folders when referring path from web browser?

[Igor Zelmanovich]

You can handle each request with 'begin_request' event. It works with static files as well in integrated mode.

Just check requesting path and perform permission check based on it.

Igor Zelmanovich

On Tue, Feb 11, 2014 at 12:34 PM, Zalan Tassaly <za...@bptech.dk> wrote:

Hey!

We had set up IzWebFileManager user access so different user can see different content etc. but we have noticed a security issue that when referring to a file from web browser it can still reach that file even though it not suppose to have access for that folder and the content of that folder.

In ex: 

if you refer to http://example.com/Files/example.doc you can still open the file.

Is there a way to prevent users to be able to do that?

Thanks,

Zalan

--
You received this message because you are subscribed to the Google Groups "izwebfilemanager" group.
To unsubscribe from this group and stop receiving emails from it, send an email to izwebfilemanag...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Samer Samman]

Dear Igor

How are you

Can you please explain more, i'm trying to give permissions to several users to access different folders (For read/write permissions)

If you can give a small example, it will be great and appreciated.

I've tried, and i'm tired..

Thanks in advance

[Igor Zelmanovich]

It is not a sample, but it might help:

http://stackoverflow.com/questions/989178/processing-static-files-via-httpmodule-in-asp-net

Igor Zelmanovich

For more options, visit https://groups.google.com/d/optout.