GetXmlDocumentByUrl - from restricted anonymous access folder
Hi all , not sure this is doable or not, I need to create a folder under root of the web site ,and restric access to annonymous users. I would like to save xml file in that folder , then create xslt macro to read data from that xml file.
but if some one try to access url directly should not be accessible.
I havent tried this, so can't tell you if the security aspect of it works, but as far as I know, .config files are not accessible from direct HTTP requests (i.e. from a browser). So name your file .config instead of .xml and use the built-in document() function to read it:
<xsl:variable name="restrictedFileRootElement" select="document('../ssshhh-secretfolder/rocket-science.config')/*" />
<!-- Display some data from the file -->
<xsl:template match="/">
<p>Root element in file is: <<xsl:value-of select="name($restrictedFileRootElement)" /></p>
<p>Number of children: <xsl:value-of select="count($restrictedFileRootElement/*)" /></p>
</xsl:template>
In asp.net your secure data should be placed inside App_Data folder. Data in this folder is not accessible from website, only asp.net app can access it.
It is also reason to umbraco put it's data here :-)
GetXmlDocumentByUrl - from restricted anonymous access folder
Hi all , not sure this is doable or not, I need to create a folder under root of the web site ,and restric access to annonymous users. I would like to save xml file in that folder , then create xslt macro to read data from that xml file.
but if some one try to access url directly should not be accessible.
is this possible ? I am using Umbraco 4.7.1.1
Hi pat,
I havent tried this, so can't tell you if the security aspect of it works, but as far as I know, .config files are not accessible from direct HTTP requests (i.e. from a browser). So name your file .config instead of .xml and use the built-in document() function to read it:
<xsl:variable name="restrictedFileRootElement" select="document('../ssshhh-secretfolder/rocket-science.config')/*" /> <!-- Display some data from the file --> <xsl:template match="/"> <p>Root element in file is: <<xsl:value-of select="name($restrictedFileRootElement)" /></p> <p>Number of children: <xsl:value-of select="count($restrictedFileRootElement/*)" /></p> </xsl:template>/Chriztian
wow , that's worked ... brilliant
thanks
In asp.net your secure data should be placed inside App_Data folder. Data in this folder is not accessible from website, only asp.net app can access it.
It is also reason to umbraco put it's data here :-)
Petr
@Petr: You are of course totally right about that - thanks! :-)
So we should be able to change the variable to this instead:
<xsl:variable name="restrictedFileRootElement" select="document('../App_Data/rocket-science.xml')/*" />/Chriztian
is working on a reply...