+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Secure pages and documents

Secure pages and documents

5 posts, 1 answered
  1. Rene
    Rene avatar
    25 posts
    Registered:
    02 Feb 2009
    05 Mar 2010
    Link to this post
    Hi,

    I have a question regarding security of pages and especially documents. Within Sitefinity we develop a website, and as a subsite we will develop an Intranet. In this way Single SignOn is used to change both website and intranet.

    For Intranet you need to login before getting access to see all the information. This works fine. But, if we include a document from the file manager on a page, and someone enters the full URL of that document, you have acces to it without logging in.

    Is there a way to secure folders in the filemanager? Or do we have to use libraries to include documents on a page and if so, how can libraries be secured?

    Just wondering how we have to handle with this.

    Rene
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    05 Mar 2010
    Link to this post
    Hello Rene,

    You can crate a custom HttpHandler that inherits from ContentHttpHandler class. Then override ProcessRequest where you can set who is allowed to access your files. You can do it per library
     
    sample

    public override void ProcessRequest(HttpContext context)
        {
      
            //restrict access to mylib
            string path = String.Concat(context.Request.ApplicationPath, "/libraries/Forbidden/");
      
            if (context.Request.RawUrl.StartsWith(path, StringComparison.OrdinalIgnoreCase))
            {
                //check whether the user is authenticated or not.
                RolePrincipal principal = context.User as RolePrincipal;
                if (principal == null
                    || !principal.Identity.IsAuthenticated
                    || !principal.IsInRole("Administrators"))
                {
                    throw new HttpException(403, "Access forbidden");
                    return;
                }
            }
      
            base.ProcessRequest(context);
        }

    Finally you need to replace the default ContentHttpHandler with the custom one in your web.config.

    Best wishes,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
    Answered
  3. Rene
    Rene avatar
    25 posts
    Registered:
    02 Feb 2009
    05 Mar 2010
    Link to this post
    OK, thanks for the quick answer.

    Rene
  4. ming
    ming avatar
    8 posts
    Registered:
    26 Dec 2008
    26 Feb 2013 in reply to Ivan Dimitrov
    Link to this post

    I don’t see a ContentHttpHandler handler in my web.config???
    Below are all the HttpHandlers in my web.config.  I have Sitefinity 5.01.

      Thanks, Ming

    <httpHandlers>
    <remove verb="*" path="*.asmx" />
    <add verb="*" validate="false" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler, Telerik.Web.UI" />
    <add verb="*" path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.Upload.RadUploadProgressHandler, Telerik.Web.UI" />
    <add verb="*" path="Telerik.Sitefinity.FilesDownloadHandler.ashx" type="Telerik.Sitefinity.Modules.Files.FilesDownloadHandler, Telerik.Sitefinity" />
    <add verb="*" path="Telerik.Sitefinity.LibrariesRadUploadHandler.ashx" type="Telerik.Sitefinity.Modules.Libraries.Web.LibrariesRadUploadHandler, Telerik.Sitefinity" />
    <add verb="*" path="Telerik.Sitefinity.ThumbnailUploadHandler.ashx" type="Telerik.Sitefinity.Modules.Libraries.Web.ThumbnailUploadHandler, Telerik.Sitefinity" />
    <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false" />
    <add verb="*" validate="false" path="Telerik.Web.UI.DialogHandler.axd" type="Telerik.Web.UI.DialogHandler, Telerik.Web.UI" />
    <add verb="*" path="Telerik.Sitefinity.AsyncImageUploadHandler.ashx" type="Telerik.Sitefinity.Modules.Libraries.Web.AsyncImageUploadHandler, Telerik.Sitefinity" />
    <add verb="*" path="Telerik.Sitefinity.AsyncFileUploadHandler.ashx" type="Telerik.Sitefinity.Workflow.AsyncFileUploadHandler, Telerik.Sitefinity" />
    <add verb="*" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" validate="false" />
    <add path="Telerik.Web.UI.DialogHandler.aspx" verb="*" type="Telerik.Web.UI.DialogHandler" validate="false" />
    <add verb="*" path="Telerik.ReportViewer.axd" type="Telerik.ReportViewer.WebForms.HttpHandler, Telerik.ReportViewer.WebForms, Version=5.1.11.713, Culture=neutral, PublicKeyToken=a9d7983dfcc261be" />
    </httpHandlers>

  5. Patrick Dunn
    Patrick Dunn avatar
    237 posts
    Registered:
    03 Nov 2014
    01 Mar 2013
    Link to this post
    Hello Ming,

    This thread is regarding Sitefinity 3.7. This version of Sitefinity does not have the same architecture as your version. If you have questions regarding securing pages and documents in 5.x could you please open a support ticket or forum thread in the section that is not for 3.x and below.

    Thanks for your cooperation.

    All the best,
    Patrick Dunn
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
Register for webinar
5 posts, 1 answered