I have created a page to upload pdf files to a file system. As an admin, I am suppose to be the only one accessing those files by clicking on any link to show the file. This is one of the files that I can access.
http://myDomainName.mySite.com/Uploads/1809_UL.pdf
BUT, if someone else knows the URL address, he/she can access to all my files. The Question, how can I secure accessing the files and ONLY allow specific authenticated users to access the files.
Related
In our web app, we enable users to upload files, and preview them. We also enable them to upload from their cloud drives, such as Google Drive, DropBox, and OneDrive.Most of our users are using OneDrive for businesses.
In order to show the selected files, we are saving embeddable links from the cloud drives, and embedding them in an iframe, that way the permissions, and authorization are in the cloud derive control.
I tried using the request: POST /drives/{driveId}/items/{itemId}/preview, after the user selects the file from the file picker, and I using the getUrl field from the response payload to embed the file into an iframe. (the getURL as src)
I noticed that the URL contains access_token, and I deleted it before saving it, and I noticed that the iframe still works fine, and allows only users with permission to see the file, is this is a good usage of that?
In the Graph API docs, driveItem:preview mention that the driveItem:preview request generates a short-lived URL, I would like to know what is the expiration of the link (hour, day, week, month, etc..).
is it short-lived only because of the access_token, and authorized users in Sharepoint/Onedrive will have access for the long term?
Are there any pitfalls that I didn't notice?
I have to be sure that it is a robust way for using that otherwise, I will save broken links, and the users will have to pick again all the files..
I'm trying to create a custom master page template in a SharePoint Online environment. I'm using the Design manager to upload the design files. I've mapped the network drive like the page described and can open and view the files, but I cannot upload files to the location. Every time I try I get the following error:
Error 0x800700E0: Access Denied. Before opening files in this
location, you must first add the website to your trusted sites list,
browse to the website, and select the option to login automatically.
I've added the site to the trusted sites list, as well as selected the option to login automatically. The WebClient service is also running.
How can I upload files to this location?
The only explanation I can think of is that I am logged into windows on a Microsoft account, and I use a different Microsoft account for SharePoint. I can map the network drive fine, but when I try and map it with the option "Connect using different credentials", and I use my SharePoint Online account, I get the same access denied error.
Thanks
Check permissions for the document library/folder in which you're trying to write files. Folders like _Layout which resides at root level sometimes do not allow access of write. Global administrators have full access to these folders but tenant or site collection administrators may not have its access.... For example try opening this link in browser https://yoursharepointsite.com/_layouts/15/fonts this is where font files are like Arial.ttf or Comic sans.ttf So if you want to add new font to your sharepoint online themes you'll have to add files here.
Do this open SP Designer -> open main site -> browse left side menu for your folder and try copying something. If you can copy files there you should be able to copy through your mapped drive.
Also when you mapped drive in Windows Explorer didn't it ask for credentials, where you had to give in your Office365 login email then it can't be an issue of your windows credentials messing up with anything.
In this circumstance, it was actually the Trusted Sites that I had added. I added 'mysite.sharepoint.com' as well as '*.sharepoint.com' to my trusted sites. As soon as I also added: '*.lync.com', '*.microsoftonline.com' and "*.outlook.com", I had no problems writing to the directory
The question in brief: How can I set up WebDav so that unauthenticated users can download files with a URL, but can't access a list or make changes to the share?
The long version:
I'm new to WebDav. I'd like to replicate the Dropbox/public folder functionality. That allows any user with the correct URL to download a file, but no unauthenticated user can access a list of the files in the subdirectory or make any changes to the public folder.
I'd like to be able to send my client a URL to a file for download without exposing the whole contents of the share and, importantly, without requiring the client to have a user id and password.
The WebDav directory should also not be alterable or viewable by anyone who doesn't have a user id and password.
The WebDav directory is isolated on my server and I can alter .htaccess files.
I want to give permissions for subfolders in Owncloud.
Example:
a user can edit and read all the files in a synchronized folder except some specific subfolders.
Im working with desktop client and web interface. Version: OwnCloud 8.0.3 (stable)
As far as I know a user has access to all his/her folders and files, plus any files that are shared with him/her by other users. You cannot restrict access to user's files if they are in that user's account.
My assumption is that you are an administrator and can create accounts, etc. A workaround might be the following, but it is a workaround and not the solution you've asked for:
If there are some files that you'd like more than one user, or only specific users to be able to view; you can share them using the web interface.
You could create a master user who has access to all files and then share with the other users from the master account.
If anyone knows any different to this please suggest an edit to my answer and I'll put it in.
I have set my the document and media portlet to be owner only permissions. However, I am able to use another user's download URL to download his files.
eg. copying
{mysite.com}/documents/323892/445802/{user1's file title}/2e8db841-9c7e-47ad-99c0-6496afd0ffad?version=1.1
and using the above URL as another user. Is there a setting to block this behavior?
In Documents and Media, the "VIEW" permission allows other users to download the file as they can VIEW them.
Please allow only "OWNER" to view the file and not to the "GUEST" or "USER".