Developer forum

Forum » CMS - Standard features » files (pfd's) on extranet pages?

files (pfd's) on extranet pages?

Ton Martens
Reply
Hello,

How can be prevented, that files, for instance, pfd's, which are published on Extranet pages, can be accessed using the URL to the file?
We are confronted with a situation where public users (not logged in to the extranet) can access files directly by entering the URL to the file.

Thanks in advance,
Ton

Replies

 
Lars Britz
Reply
You can use the Secure-folder functionality:
http://manual.dynamicweb-cms.com/Dynamicweb-On-line-Manual/Management-Center/Modules/User-Management.aspx

Simply choose which folder that you want secured and then set the user-permissions on the folder. You will then also need to remove read-permissions on the IIS. This will prohibite anybody from downloading any files in the folder, unless they are logged in and use the dwsdownload.aspx component.
 
Ton Martens
Reply
Thanks,

But once you know the complete link that uses the dwsdownload.apx in the link, anyone can access the file. That's what we like to prevent.

Ton
 
Lars Britz
Reply
This post has been marked as an answer
If you know the exact path, either directly to the files-folder location or through DWSDownload.aspx, you will NOT be able to access the file. If so, then you have set it up incorrectly.

Follow these steps:
1. Remove the read-permission for the folder - Now you cannot access it at all (If you can, the read permissions are not removed)
2. Add the folder to the settings in the management center. The folder will now change icon in the files-archive.
3. Now add an extranet user or group to the allowed list of groups of the folder.

You can still not access it via http://solution.nl/files/filer/securefolder/yourfile.pdf, which is intentional.

BUT you can access it via http://solution.nl/Admin/Public/DWSDownload.aspx?File=files/filer/securefolder/yourfile.pdf

But only if you are logged in with the user or a user from the group that you have allowed access to the folder.
Votes for this answer: 0
 
Ton Martens
Reply
Hi Lars,

It seems to work, great! Thanks!
We now have another issue where we cannot add the usergroups we would like to, but that's something completely different.

Thanks for your time.

Ton
 
Lars Britz
Reply
No problem! 

By the way, regarding the other problem, try editing your globalsettings.aspx. Look for the section called something similar to "UseExtendedComponent", try just searching for "useex" and make sure that is set to "True". This should enable you to see the missing users and groups.
 
Ton Martens
Reply
 And.. thanks again ! :-)

What does this setting mean? And does it affect other functionality as well?

Ton
 
Lars Britz
Reply
It should not affect other parts of the system. It is simply a newer or "extended" manager for the users.

 

You must be logged in to post in the forum