file permission

G

Guest

Hello

I develop a web application with form authentication by C#.NET. Authorized users can upload/download files to/from the web server. But I meet a problem: any user can download any file on the web server once they know the file's URL. Do you know how to prevent this?

Thanks in advance.
 
M

Michael Mayer [C# MVP]

You need to put the files in a private folder (or a database), and then have
an asp.net page return the file.

Here's a couple of articles that shows how to do that:
http://www.123aspx.com/redir.aspx?res=30958
http://www.aspfree.com/c/a/ASP.NET-Code/File-download-using-C-by-MVadivel/

That would make your url's look something like this:
fake://mydomain.com/GetDoc.aspx?name=document.doc

If you want more pleasing URL's, then you can combine this with URL
rewriting.

This is one of the most useful rewriting articles I've found. (But there are
several out there, search for: url rewriting httpmodule
http://www.codeproject.com/aspnet/urlrewriter.asp

You wouldn't need all the regular expressions code, instead just check if
the url is something like:
/uploads
and then simply rewrite the url to be
http://mydomain.com/GetDoc.aspx?url=(oldurl)


--
Mike Mayer, C# MVP
(e-mail address removed)
http://www.mag37.com/csharp/

Simon Chuang said:
Hello,

I develop a web application with form authentication by C#.NET. Authorized
users can upload/download files to/from the web server. But I meet a
problem: any user can download any file on the web server once they know the
file's URL. Do you know how to prevent this?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top