disable to dsiplay xml file on web browser from across domain

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

How do I disable to show xml file content on web browser from across domain.
I know we can have some sort of enbcription on the xml file content.
I also know that we can use authentication to control the display of xml file.

However, I want to assume the user is authenticated in the directory where I
have the haha.xml file. Yet, the user would not be able to see the content of
the xml file as below

ie) When some one type http://mywebsite.com/haha.xml and it would not show
the content of the xml file on the web browser.

Please help and thanks.

Ray
 
Ray,

I'm sure there is a better way, but one approach is to write an
HttpHandler that will "ignore" the request. You can implement the
desired behavior within the handler. For example, you could redirect
the user to another page or return blank HTML.

Follow the steps below for an example:

1) Add the file extension .xml to the Application Extensions list in
IIS. (Using the IIS Manager, select the virtual directory and go to
Properties | Virtual Directory tab | Configuration... | Mappings tab.)

2) Compile the sample code to as a dll and name the file
IgnoreHttpHandlers.dll:

using System.Web;

namespace IgnoreHttpHandlers
{
public class Xml : IHttpHandler
{
public bool IsReusable { get{ return true; } }

public void ProcessRequest(System.Web.HttpContext context)
{
// Return blank HTML.
}
}
}

3) Copy IgnoreHttpHandlers.dll to the bin directory of the virtual
application.

4) Add the following to the web.config:

<configuration>
<system.web>
<httpHandlers>
<add verb="*" path="*.xml"
type="IgnoreHttpHandlers.Xml,IgnoreHttpHandlers" />
</httpHandlers>
</system.web>
</configuration>

This sample will return a blank HTML document instead of the Xml
source for any files with an extension of .XML. Again, this is one
approach. There's probably an easier, better way.

HTH

-KIRBY
 
Back
Top