how to secure access folder in asp.net?
-
i have a subfolder in my application with different file (doc, avi). all files are accessible only when the user is authenticated in the application but i want to secure for direct access from url. exemple : www.website.com/file/document.doc can't been donwloaded directly. the user must been authenticate to access to this file. How i can do this? ty
-
i have a subfolder in my application with different file (doc, avi). all files are accessible only when the user is authenticated in the application but i want to secure for direct access from url. exemple : www.website.com/file/document.doc can't been donwloaded directly. the user must been authenticate to access to this file. How i can do this? ty
What kinda authentication are you using in your application? If you are using integrated-window authentication then you can specify the specific permission or users to that folder.
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net) If you want to thank me for my help, please vote my message by clicking one of numbers beside "Rate this message". Why vote? Plz Read it here. Thank you. :)
-
i have a subfolder in my application with different file (doc, avi). all files are accessible only when the user is authenticated in the application but i want to secure for direct access from url. exemple : www.website.com/file/document.doc can't been donwloaded directly. the user must been authenticate to access to this file. How i can do this? ty
jerome_data wrote:
exemple : www.website.com/file/document.doc can't been donwloaded directly. the user must been authenticate to access to this file.
You can take the advantage of using HTTPModule. Write a HTTPModule and check all the request's. If any request comes for protected file types, check authentication, if not authenticated rewrite the URL to authentication page.
-
What kinda authentication are you using in your application? If you are using integrated-window authentication then you can specify the specific permission or users to that folder.
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net) If you want to thank me for my help, please vote my message by clicking one of numbers beside "Rate this message". Why vote? Plz Read it here. Thank you. :)
i use form authenthication in web.config: User is stored in database. How to do integrated-window authentication? ty
-
i use form authenthication in web.config: User is stored in database. How to do integrated-window authentication? ty
If you wanna use integrated-window authentication, you have to create the user account on Active Directory Service of Window Server. then, you can set the permission on the folder.. and you need to disable the anonymous access for your website.. so, if someone is trying to access your website, it will show the login dialog to authenticate the user. it is very easy to do in intranet site but if the website is on public server then you need to have dedicated hosting or something that can give the active directory service.... but it cost a lot of money... maybe. HttpModule as N a v a n e e t h suggest might be good for you..
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net) If you want to thank me for my help, please vote my message by clicking one of numbers beside "Rate this message". Why vote? Plz Read it here. Thank you. :)
-
If you wanna use integrated-window authentication, you have to create the user account on Active Directory Service of Window Server. then, you can set the permission on the folder.. and you need to disable the anonymous access for your website.. so, if someone is trying to access your website, it will show the login dialog to authenticate the user. it is very easy to do in intranet site but if the website is on public server then you need to have dedicated hosting or something that can give the active directory service.... but it cost a lot of money... maybe. HttpModule as N a v a n e e t h suggest might be good for you..
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net) If you want to thank me for my help, please vote my message by clicking one of numbers beside "Rate this message". Why vote? Plz Read it here. Thank you. :)
ok but i try to do integrated-window authentication without Active Directory Service.
-
jerome_data wrote:
exemple : www.website.com/file/document.doc can't been donwloaded directly. the user must been authenticate to access to this file.
You can take the advantage of using HTTPModule. Write a HTTPModule and check all the request's. If any request comes for protected file types, check authentication, if not authenticated rewrite the URL to authentication page.
how do you do to protected file (other than aspx file of course) in subfolder?
-
how do you do to protected file (other than aspx file of course) in subfolder?
jerome_data wrote:
how do you do to protected file (other than aspx file of course) in subfolder?
Same way as I explained in the previous post. I reiterate You have to write a HTTPModule and attach it with your website. HTTPModule is having set of events. You can use
PrequestHandlerExecuteevent. This event fire's for all requests. Assume you are getting a request likewww.yourdomain.com/subfolder/file.docwhich is a protected file. So first your HTTPModule will be invoked. In that check likeprivate void PreRequestHandlerExecute(Object source,EventArgs e)
{
HttpApplication CurrentApp = (HttpApplication)source; //Getting HTTPApplication object
if ( CurrentApp.Request.Url.AbsoluteUrl.EndsWith(".doc")
{
//It's a document file.
//Check user loged in status. if yes continue with request
//If not logged in rewrite URL
}
}To get your HTTPModule working with other extensions than ASPX, map the extensions you want to process to
aspnet_isapi.dllin IIS.
-
ok but i try to do integrated-window authentication without Active Directory Service.
I don't think it can be done without using AD..
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net) If you want to thank me for my help, please vote my message by clicking one of numbers beside "Rate this message". Why vote? Plz Read it here. Thank you. :)
-
jerome_data wrote:
how do you do to protected file (other than aspx file of course) in subfolder?
Same way as I explained in the previous post. I reiterate You have to write a HTTPModule and attach it with your website. HTTPModule is having set of events. You can use
PrequestHandlerExecuteevent. This event fire's for all requests. Assume you are getting a request likewww.yourdomain.com/subfolder/file.docwhich is a protected file. So first your HTTPModule will be invoked. In that check likeprivate void PreRequestHandlerExecute(Object source,EventArgs e)
{
HttpApplication CurrentApp = (HttpApplication)source; //Getting HTTPApplication object
if ( CurrentApp.Request.Url.AbsoluteUrl.EndsWith(".doc")
{
//It's a document file.
//Check user loged in status. if yes continue with request
//If not logged in rewrite URL
}
}To get your HTTPModule working with other extensions than ASPX, map the extensions you want to process to
aspnet_isapi.dllin IIS.
great ty