ASP.NET allows developers to create handlers and services (e.g. aspx, asmx files) that may contain source code and can be requested directly. This means for security reasons we have to be careful allowing the creation and execution of these kind of content. This page describes the different executable files that you may create in Sense/Net ECMS and the way they are executed.
Sense/Net ECMS has very strict rules for executable files: for example you cannot have aspx files in the Content Repository as simple files, they must be instances of the ExecutableFile type. In the following sections you can learn about these restrictions and customization possibilities.
Creating executable files
If you want to upload an executable file to Sense/Net ECMS (see extension list below), you must have access (at least See permission) to the appropriate executable content type (see type list below) and the type has to be allowed on the target container. If you do not have permissions to the type, you will not be able to create or upload an executable file.
This rule applies to the rename operation too: you cannot upload a file with a non-restricted extension (e.g. txt) and rename it to be an aspx file.
When you upload an executable file and you have all the necessary permissions, the file will get the appropriate content type automatically.
Executing executable files
When a user accesses an executable file, she has to have at least the following permissions for the content:
- Open (without this the content would be inaccessible)
Please note the the user does not have to have access to the executable file content type to be able to execute the file. That is necessary only for admins and editors who will create these kind of files.
If the user does not have RunApplication permission for the file, but has Open permission, he will still be able to access the content, but it will not be executed: the user will see only the text of the file.
Executable file extensions
The currently defined executable file extensions are the following:
All files that have one of these extensions are considered executable files and must be instances of one of the executable content types (see type list below).
Executable content types
The currently defined executable content types are the following:
- Executable file (inherited from File)
- Web service application (inherited from Application)
It is possible to define a custom executable content type by inheriting from the ExecutableFile type and adding the new type to the portal settings so that uploaded files get the correct type. See the import article for details.
There are no external references for this article.