How can we restrict a user from changing the download path url's fine name.
-
Ex: If I send user the download url like http://www.mysite.com/downloads/file1.pdf but there are file2.pdf,file3.pdf in the same folder and user can simple rename the file1.pdf to file2.pdf in the url and he can download file2.pdf. How can we restrict users from doing this. I really appreciate for you help.... Thanks Nani
-
Ex: If I send user the download url like http://www.mysite.com/downloads/file1.pdf but there are file2.pdf,file3.pdf in the same folder and user can simple rename the file1.pdf to file2.pdf in the url and he can download file2.pdf. How can we restrict users from doing this. I really appreciate for you help.... Thanks Nani
How about using randomly generated file names so that the user has no way of replacing the file name?
0100000101101110011001000111001011101001
-
Ex: If I send user the download url like http://www.mysite.com/downloads/file1.pdf but there are file2.pdf,file3.pdf in the same folder and user can simple rename the file1.pdf to file2.pdf in the url and he can download file2.pdf. How can we restrict users from doing this. I really appreciate for you help.... Thanks Nani
-
Ex: If I send user the download url like http://www.mysite.com/downloads/file1.pdf but there are file2.pdf,file3.pdf in the same folder and user can simple rename the file1.pdf to file2.pdf in the url and he can download file2.pdf. How can we restrict users from doing this. I really appreciate for you help.... Thanks Nani
Nani - you actually need to invert your thinking on this. Should you be restricting the user from doing this? If the user has the permissions to download the file then why should you restrict it? If, however, you change the problem around to "should I allow a user to be able to download a file that they don't have permissions to?" then you get a totally different question, but a one that makes a lot of sense. You can use the security aspects of ASP.NET - and combine this with ashx handlers to parse the request that's coming in - and control the users access to the files. BTW - this should have been asked in the ASP.NET forum, not this one.
Forgive your enemies - it messes with their heads
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
My blog | My articles | MoXAML PowerToys | Mole 2010 - debugging made easier - my favourite utility
-
Ex: If I send user the download url like http://www.mysite.com/downloads/file1.pdf but there are file2.pdf,file3.pdf in the same folder and user can simple rename the file1.pdf to file2.pdf in the url and he can download file2.pdf. How can we restrict users from doing this. I really appreciate for you help.... Thanks Nani
You accomplish this by keeping your assets in a non-accessible location (eg, somewhere in
App_Data) and using an HttpHandler to serve the files out after verifying permissions.