Executable files

From Sense/Net Wiki
Jump to: navigation, search
  •  
  •  
  •  
  •  
  • 100%
  • 6.3.1
  • Enterprise
  • Community
  • Planned

Overview

ASP.NET allows developers to create handlers and services (e.g. aspx, asmx files) that may contain source code and can be requested directly. This means for security reasons we have to be careful allowing the creation and execution of these kind of content. This page describes the different executable files that you may create in Sense/Net ECMS and the way they are executed.

Details

Sense/Net ECMS has very strict rules for executable files: for example you cannot have aspx files in the Content Repository as simple files, they must be instances of the ExecutableFile type. In the following sections you can learn about these restrictions and customization possibilities.

Creating executable files

If you want to upload an executable file to Sense/Net ECMS (see extension list below), you must have access (at least See permission) to the appropriate executable content type (see type list below) and the type has to be allowed on the target container. If you do not have permissions to the type, you will not be able to create or upload an executable file.

Denying the upload of an aspx file

This rule applies to the rename operation too: you cannot upload a file with a non-restricted extension (e.g. txt) and rename it to be an aspx file.

When you upload an executable file and you have all the necessary permissions, the file will get the appropriate content type automatically.

Executing executable files

When a user accesses an executable file, she has to have at least the following permissions for the content:

  • Open (without this the content would be inaccessible)
  • RunApplication

Please note the the user does not have to have access to the executable file content type to be able to execute the file. That is necessary only for admins and editors who will create these kind of files.

If the user does not have RunApplication permission for the file, but has Open permission, he will still be able to access the content, but it will not be executed: the user will see only the text of the file.

Executable file extensions

The currently defined executable file extensions are the following:

  • aspx
  • ashx
  • asmx
  • axd
  • cshtml
  • vbhtml

All files that have one of these extensions are considered executable files and must be instances of one of the executable content types (see type list below).

Executable content types

The currently defined executable content types are the following:

  • Executable file (inherited from File)
  • Web service application (inherited from Application)

It is possible to define a custom executable content type by inheriting from the ExecutableFile type and adding the new type to the portal settings so that uploaded files get the correct type. See the import article for details.

Related links

References

There are no external references for this article.