I have a couple of XML files in my ASP.NET web application that I don't want anyone to access other than my server-side code. This is what I tried:

<add verb="*" path="*.xml" type="System.Web.HttpForbiddenHandler" />

I wrote this inside the <httpHandlers>.

It works well on the localhost but not in the server... the server without any hesitation displays the XML file... I have no idea how to proceed...

Thanks in advance. :)

Update: the server has IIS6, Windows Server 2003

+2  A: 

You could put them in the special App_Data directory. Files inside this folder are not served.

Darin Dimitrov
I don't think this is the perfect solution. It will work but is just a workaround.
ZX12R
+1 for this answer; it is not a workaround, it is perfect usage of App_Data
bgs264
+1  A: 

You should check what other handlers are active on the server and can affect the .xml files, including the generic ones like <add verb="*" path="*" ...

Also, check the server configuration as pointed out here: httpHandlers Element (ASP.NET Settings Schema)

The Microsoft Internet Information Services (IIS) has its own model for mapping extensions to ISAPIs. For the mapping between a given application extension and its handler to take effect, the extension must be mapped in IIS to ASP.NET ISAPI. For nonstandard extension, such as custom extensions, you must configure IIS accordingly.

UPDATE: Protecting Files with ASP.NET

alexandrul
I checked very well and there is nothing colliding with my specific handler.
ZX12R
@ZX12R: did you really check that xml files are mapped to ASP.NET ISAPI extension on the server?
alexandrul
Can you please tell me how to do a thorough check of mappings?
ZX12R
@ZX12R: updated the answer
alexandrul
Whoa... I live in shared server spaces! I have no access to IIS. :(
ZX12R
@ZX12R: then talk with the admins, they should help you
alexandrul
I think that is the last resort. I tried my best to find a solution without touching the IIS. :(
ZX12R
@ZX12R: since you are using an ASP.NET feature to restrict access to the files, you MUST tell IIS to use ASP.NET for serving XML files. Or you could rename the XML files to an extension already handled by ASP.NET (maybe something like abc.xml.aspx).
alexandrul
I'm in the same situation, except that I need to restrict the access to XML files based on some criteria. The XML files are needed for some Flash app: http://stackoverflow.com/questions/2630049/httphandler-and-xml-files
Frank
A: 

What about using the <location> tag?

<configuration>
   <location path="something.xml">
      <system.web>
         <authorization>
            <deny users="*"/>
         </authorization>
      </system.web>
   </location>
</configuration>
Rahul Soni
I don't think I understand completely. Should the <location> tag be placed in the configuration root? I thought only one <configSections> element is allowed per config file. Kindly bear with me and explain.
ZX12R
Yes, in fact, I was suggesting to use the location tag as mentioned in your web.config and point out the path of the XML. Then in your auth tag, specify deny users = *. I haven't checked it, but I am hopeful that it should work.
Rahul Soni
It works in localhost but fails in the server!!
ZX12R
By any chance, can you send me your Application host config file?
Rahul Soni
Am really sorry... I can't.
ZX12R
+1  A: 

IIS 6 & the Visual Studio built-in Web Server register things a bit differently than IIS 7. If your host is running IIS 7, you may need to add your registration to the <system.webServer> node in your Web.config file.

<system.webServer>
  <handlers>
    <add ... />
  </handlers>
</system.webServer>
Paul Alexander
Have updated my question... the server uses IIS6.
ZX12R
If that's the case, @alexandrul's answer is probably correct. IIS handles all document requests directly unless mapped to another handler. Many hosting providers offer a control panel where you can map file extensions to specific handlers.
Paul Alexander
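
The two registrations discussed in the answers above, side by side in one web.config. This is an added example, not code posted by anyone in the thread; the handler name "BlockXml" is a made-up placeholder, and the file assumes no other handler entry matches *.xml.

```xml
<!-- Added example, not from the thread. "BlockXml" is a made-up handler name. -->
<configuration>
  <system.web>
    <!-- Classic pipeline (IIS 6, or IIS 7 in classic mode). This entry is only
         consulted when IIS passes *.xml requests to the ASP.NET ISAPI
         extension. Without that mapping IIS serves the file as static
         content and ASP.NET never sees the request. -->
    <httpHandlers>
      <add verb="*" path="*.xml" type="System.Web.HttpForbiddenHandler" />
    </httpHandlers>
  </system.web>

  <system.webServer>
    <!-- Lets the <httpHandlers> section above coexist with the IIS 7
         integrated pipeline instead of raising a configuration error. -->
    <validation validateIntegratedModeConfiguration="false" />
    <!-- IIS 7 integrated pipeline: handlers are registered here, and every
         entry needs a unique name attribute. -->
    <handlers>
      <add name="BlockXml" verb="*" path="*.xml"
           type="System.Web.HttpForbiddenHandler" />
    </handlers>
  </system.webServer>
</configuration>
```

After deploying, request one of the XML files from a browser on another machine and confirm the host returns an error rather than the file contents, since the thread shows the same web.config behaving differently on localhost and on the server.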