Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Security / December 2004

Tip: Looking for answers? Try searching our database.

How to authorize download?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
lenyado - 25 Dec 2004 18:23 GMT
I am planning a website which reqires this feature: it allows registered
users to upload and/or download files (like *.doc, *.ppt etc.) but not  
everyone can download every files. some files are restricted to certain users
only. that means only certain users can download certain files. but if the
URL of a certain file that needed to be protected is exposed, the
authorization will be in vain. any solutions?
Reply to this Message
Ben Lucas - 27 Dec 2004 15:26 GMT
You could write an HttpHandler or an HttpModule to handle the security.
Basically your HttpHandler or HttpModule would need to perform the security
check and give an Access Denied message if the user does not have access, or
if the user does have access, set the content type and write the file to the
Response stream.

Also, note that you will have to set up IIS so that the ASP.Net application
handles .doc, .ppt, and whatever other files you want to provide security
for.

Signature

Ben Lucas
Lead Developer
Solien Technology, Inc.
www.solien.com

>I am planning a website which reqires this feature: it allows registered
> users to upload and/or download files (like *.doc, *.ppt etc.) but not
[quoted text clipped - 3 lines]
> URL of a certain file that needed to be protected is exposed, the
> authorization will be in vain. any solutions?
Reply to this Message
Daniel Fisher\(lennybacon\) - 28 Dec 2004 20:54 GMT
Write the files based on a querystringvariable as binary to the response
stream (if the user is authenticated, otherwise send him some greetings with
a errormessage) - so you don't have to reconfigure IIS and nobody has knows
the path to the files.

Signature

Daniel Fisher(lennybacon)
MCP ASP.NET C#
Blog: http://www.lennybacon.com/

> You could write an HttpHandler or an HttpModule to handle the security.
> Basically your HttpHandler or HttpModule would need to perform the
[quoted text clipped - 14 lines]
>> URL of a certain file that needed to be protected is exposed, the
>> authorization will be in vain. any solutions?
Reply to this Message
Patrick Olurotimi Ige - 28 Dec 2004 23:10 GMT
Try looking at these 2 artickes at:-
http://dotnetjunkies.com/WebLog/richard.dudley/archive/2004/05/21/14215.
aspx

and

http://www.microsoft.com/india/msdn/articles/57.aspx

Hope it helps..
Patrick
Reply to this Message
Lenyado - 29 Dec 2004 04:37 GMT
Thanks, that's quite helpful. i will try that out later.
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.