Wrox Programmer Forums
ASP.NET 2.0 Professional If you are an experienced ASP.NET programmer, this is the forum for your 2.0 questions. Please also see the Visual Web Developer 2005 forum.

You are currently viewing the ASP.NET 2.0 Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old June 12th, 2007, 01:43 AM
Friend of Wrox
 
Join Date: Aug 2006
Posts: 231
Thanks: 0
Thanked 1 Time in 1 Post
Default Secure Download

Hello to all
In my application, after a successful login the user is redirected to his specific directory, from where he can download some files. My problem is that if I change the username directly in the URL, it shows the directory files of another user, which is not wanted. It must be secure, so that a user is unable to see the list of items present in another's directory.

Please Help.

thanks......
 
Old June 12th, 2007, 03:49 AM
Friend of Wrox
 
Join Date: Aug 2004
Posts: 550
Thanks: 0
Thanked 1 Time in 1 Post
Default

Well, that depends upon your coding logic and how you prevent users from viewing details of another user. I guess you must be passing the username in the querystring and, based on that, fetching the directory detail. Try to work on some other logic, hmmmm, maybe the use of a property to fetch the user detail for that user only.

Regards
Mike

Don't expect too much, too soon.
 
Old June 12th, 2007, 04:33 AM
Friend of Wrox
 
Join Date: Aug 2006
Posts: 231
Thanks: 0
Thanked 1 Time in 1 Post
Default

No, I am not using any query string. I am checking the username and whether its corresponding same-name directory exists. If it exists then it opens the new directory, otherwise it goes to some default directory.
Please guide me on how I can secure that directory so that it cannot be opened by any other user.

thanks......
 
Old June 12th, 2007, 08:02 AM
planoie's Avatar
Friend of Wrox
 
Join Date: Aug 2003
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

What mechanism are you using to deliver the listing of items in a directory? Are you reading them in an ASP.NET page and giving it to the user thru HTML, or are you just passing the user off to the raw directory and letting IIS deliver the directory list? The first way would allow you to create programmatic security, while the second would be more difficult. If you want to secure IIS you need to interact with the local machine's user directory and assign rights and such to the file system assets. This would be considerably more difficult than writing some ASP.NET pages to handle it.

-Peter
 
Old June 14th, 2007, 01:52 AM
Friend of Wrox
 
Join Date: Aug 2006
Posts: 231
Thanks: 0
Thanked 1 Time in 1 Post
Default

Well,
so far I am just checking whether a directory corresponding to the username exists or not; if it exists then the application redirects to that directory. Then if I copy the same URL and open it in another browser, it still allows me to download that file. I think you are right that I should go for option 1 and write it in an .aspx page. I am using an .aspx page with C# in Visual Studio 2005. Can you help me from a syntax perspective with what to write?

regards,

thanks......
 
Old June 14th, 2007, 08:33 AM
planoie's Avatar
Friend of Wrox
 
Join Date: Aug 2003
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

Use the various classes in System.IO to get file and directory list information.

System.IO.Directory.GetFiles() returns a string[] of full file names.

http://msdn2.microsoft.com/en-us/library/system.io.directory_members(VS.71).aspx

-Peter
 
Old June 14th, 2007, 02:08 PM
Authorized User
 
Join Date: Apr 2005
Posts: 94
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I am having a hard time understanding how you are directing the users to their folder and missing other information so I will ask what everyone else is probably thinking.

Is this in a corporate network environment meaning everyone is authenticating to active directory or some type of windows domain?

Are you directing people via url to the files using "file://" prefix?

Are the folders secured meaning are you limiting access to them through local security on the server or machine?

This will give people a better idea how to point you in the right direction.

 
Old June 15th, 2007, 08:59 AM
Friend of Wrox
 
Join Date: Aug 2006
Posts: 231
Thanks: 0
Thanked 1 Time in 1 Post
Default

Well, regarding your concern:
when the user logs in, the application checks his lastname; if it corresponds to some hardcoded values then I redirect him to the directory, otherwise to some other page if he is of a different type.

The user has a directory corresponding to the hardcoded value we are checking against.

Then my application redirects the user to his directory, from where he can download some files.
The problem is:
if I copy the URL from the browser and then paste it, it allows downloading those files.

How to solve this in code is my main concern.
I also have a problem that if I put my directory on an external drive like the D drive, then how do I check whether a directory with the same name exists on the D drive or not?
I have been in trouble for many days.
Please help.

thanks......
 
Old June 15th, 2007, 09:16 AM
planoie's Avatar
Friend of Wrox
 
Join Date: Aug 2003
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

Have you looked into the suggestion I made yet? I am getting the feeling you are repeating your problem to us, but aren't yet trying anything.

If you are going to proceed with the first option I suggested, then here's the basics of what you need to do:

In the page that will serve the request for directory listing, verify that the requested directory is allowed to be accessed by the logged-in user. It sounds like you only need to provide access to one directory for each user (that user's directory). If that's the case then you possibly don't even need to specify what directory is to be accessed because you can determine that by the user that is logged in. So then you need to access the directory for that user, get a file listing and display that to the user. Use the System.IO classes to get the directory information, then you can bind the list of files/directories to some list control. If you need to support drilling down into a directory tree, then things get a little more complicated because you need to be able to feed the page a relative path (i.e. the sub directory that the user selected to open) so that the page can then list the contents of that.

What is your level of expertise with ASP.NET and System.IO operations? This is the "professional" forum category but we can't assume what you are intimately familiar with. We are here to help you, but not to provide complete solutions so you'll need to get started with something. Browse thru the MSDN documentation I linked you to above to get an idea of what you can do with the System.IO classes.

-Peter
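
The approach described in the post above, as an added example that is not part of the original thread: the directory is derived from the logged-in user rather than from the URL, and any sub-directory path coming from the browser is checked so it cannot leave that user's directory. The class name `UserFiles`, the `D:\Downloads` root and the method names are assumptions made for illustration.

```csharp
using System;
using System.IO;

// Added illustration. UserFiles, DownloadRoot and the method names are hypothetical.
public static class UserFiles
{
    // Assumed storage root; keep it outside the web root so IIS cannot serve it directly.
    private static readonly string DownloadRoot = @"D:\Downloads";

    // Maps a browser-supplied relative path to a full path inside the
    // logged-in user's own directory, or throws if it would land elsewhere.
    public static string Resolve(string userName, string relativePath)
    {
        // userName must come from the authenticated session, never from the URL.
        if (string.IsNullOrEmpty(userName) || userName == "." || userName == ".." ||
            userName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new UnauthorizedAccessException("Invalid user name.");

        string sep = Path.DirectorySeparatorChar.ToString();
        string userRoot = Path.GetFullPath(Path.Combine(DownloadRoot, userName)) + sep;

        // Path.Combine drops userRoot when relativePath is rooted ("C:\x", "\\srv\share"),
        // and GetFullPath collapses "..\" segments, so the prefix test sees the real target.
        string full = Path.GetFullPath(Path.Combine(userRoot, relativePath ?? ""));
        if (!(full + sep).StartsWith(userRoot, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Path is outside the user's directory.");
        return full;
    }

    // File names (not full server paths) in one of the user's directories.
    public static string[] ListFiles(string userName, string relativeDir)
    {
        string dir = Resolve(userName, relativeDir);
        if (!Directory.Exists(dir))
            return new string[0];
        string[] files = Directory.GetFiles(dir);
        for (int i = 0; i < files.Length; i++)
            files[i] = Path.GetFileName(files[i]);
        return files;
    }
}
```

Assuming the page is protected by Forms authentication, its code-behind would bind `UserFiles.ListFiles(User.Identity.Name, Request.QueryString["dir"])` to the list control and send a selected file with `Response.TransmitFile(UserFiles.Resolve(User.Identity.Name, ...))`. Because the file is only ever sent by that page, a URL copied into another browser reaches the authentication check instead of the file.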




