Wrox Home  
Search P2P Archive for: Go
Shopping CartView Cart  |  My Account  |  Support
Home Browse Titles

P2P Archives
 

Archive Index
Back to Active P2P Forum

 


Wrox Chapters on Demand - Download the chapters you need and take them on the go!
Wrox First - Instant Access online to new Wrox books

New Titles for ASP.NET

Cover image for product 0470190647
DotNetNuke Websites Problem Design Solution
Cover image for product 0470391847
Jumping from ASP to ASP.NET
View Code Camp Videos - Presentations by Wrox Authors
  Return to Index  

aspdotnet_website_programming thread: FileManager Download.aspx missing security

Message #1 by "Claude Wynne" <claudew@i...> on Wed, 19 Feb 2003 12:23:00 -0800
I've added the following to the Page_Load method in my download.aspx.cs
class in the FileManager module:

			// do not allow user to manage files if the user
is not authenticated
			// or does not have the proper permission
			bool canAdministerFiles 
(Context.User.Identity.IsAuthenticated && 
				(Context.User is SitePrincipal) &&
	
((SitePrincipal)Context.User).HasPermission((int)FileManagerPermissions.
AdministerFiles));

			if(!canAdministerFiles)
			{
				// if not, redirect to the Login page
	
Response.Redirect("/Modules/Users/Login.aspx?ShowError=true", true);
			}



-----------------------------------------

Without this, anyone could enter something like the following :
http://localhost/thephile/Modules/FileManager/Download.aspx?Web.config.

Anyone who has read this book and recognized that your site was based on
it would know about the existence of this file.

  Return to Index  
About Wrox  |  Contact Us  |  Subscribe to an RSS Feed of New Wrox Titles
Copyright © 2000-2004 by John Wiley & Sons, Inc. or related companies. All rights reserved. Please read our Privacy Policy