p2p.wrox.com Forums

Need to download code?

View our list of code downloads.

  Return to Index  

aspdotnet_website_programming thread: FileManager Download.aspx missing security

Message #1 by "Claude Wynne" <claudew@i...> on Wed, 19 Feb 2003 12:23:00 -0800
I've added the following to the Page_Load method in my download.aspx.cs
class in the FileManager module:

			// do not allow user to manage files if the user
is not authenticated
			// or does not have the proper permission
			bool canAdministerFiles 
(Context.User.Identity.IsAuthenticated && 
				(Context.User is SitePrincipal) &&

				// if not, redirect to the Login page
Response.Redirect("/Modules/Users/Login.aspx?ShowError=true", true);


Without this, anyone could enter something like the following :

Anyone who has read this book and recognized that your site was based on
it would know about the existence of this file.


  Return to Index