1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / Giving Permissions to a Role on a Specific Folder

Giving Permissions to a Role on a Specific Folder

4 posts, 0 answered
  1. Salman
    Salman avatar
    18 posts
    Registered:
    07 Nov 2007
    28 Nov 2007
    Link to this post
    Hi,

    Is it possible to give restricted permissions to a role (created in SiteFinity) to access a Folder in Files module of SiteFinity?
  2. Pepi
    Pepi avatar
    981 posts
    Registered:
    31 Jan 2017
    29 Nov 2007
    Link to this post
    Hello Salman,

    Unfortunately Sitefinity does not provide such functionality at this moment. It isn’t possible to restrict access to specific folders. Currently the only way to manage Files permissions is from Administration -> Permissions -> Manage files. You can select a given role and allow or deny permissions on Files section for it. This limitation is in our TODO list and we have plans to implement it for some of the upcoming releases.

    Best regards,
    Pepi
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  3. Jason M
    Jason M avatar
    108 posts
    Registered:
    15 Jan 2007
    08 Jan 2008
    Link to this post
    Hello Salman and Pepi,
     
    I have a solution for you guys.  All you need to do is make a few changes in IIS and add a Web.config file to the File section.
     
    Step 1:  Assign security to the folder
    Add a web.config to file to the folder in Files that you want to protect (~\Sitefinity3.1\WebSites\<YourProject>\Files\Protected\).  Here's a sample Web.config files allowing the "Admin" role to access the folder.  Note:  Alternatively you can also do this through IIS.

    <?xml version="1.0"?>

    <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
        <
    appSettings
    />
        <
    connectionStrings
    />
        <
    system.web
    >
            <
    authorization
    >
                <allow roles="Admin"
    />
                <
    deny users="*"
    />
            </
    authorization
    >
        </
    system.web
    >
    </
    configuration>

    Step 2:   Add application extension mapping
    By default .NET DOES NOT PROTECT non asp.NET files (.pdf, , .htm, .doc, .ppt, .xls, etc), so you need to create a custom mapping in IIS.  To do this open the web site or virtual directory properties in IIS and navigate to Home Directory |  Configuration |  Mappings | Add.  Now you'll need to add the following mapping record for each file type (extension) you want to protect, in the example below its for a .pdf.
     
    Note:  In order to get the value for the executable section I just copied the value from the .aspx mapping.

    Executable:  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    Extension:  .pdf
    All Verbs (selected)
    Script Engine (checked)
    Verify that file exists (checked)


    Step 3:  Add httpHandlers to your Web.config
    Opening your web sites Web.config file and add the following httpHandlers for the file types you want protected (~\Sitefinity3.1\WebSites\<YourProject>\).

    <httpHandlers>
        <add type="System.Web.StaticFileHandler" path="*.pdf" verb="*" validate="true"
    />
    </httpHandlers>

    Now your files are protected!!!   Anyone trying to access this files must pass through your authentication.  Let me know if this works for your or if you need any help configuring this.

    My Sources:
    http://www.tod1d.net/blog/2005_01_01_tod1d_archive.html
    http://quickstarts.asp.net/QuickStartv20/aspnet/doc/tipstricks/default.aspx#securingnonaspnetcontent

    Hope this helps!
    J

  4. Pepi
    Pepi avatar
    981 posts
    Registered:
    31 Jan 2017
    09 Jan 2008
    Link to this post
    Hi Jason,

    Thanks a lot for the provided solution and its detailed explanation. As a note of gratitude, your Telerik points have been updated.

    Greetings,
    Pepi
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
Register for webinar
4 posts, 0 answered