For certain directories, protecting files from direct access that match a naming pattern OR mediatin

Discussion in 'ASP .Net' started by Ken Fine, Jul 31, 2007.

  1. Ken Fine

    Ken Fine Guest

    Short version: I want to know how in ASP.NET I could bar direct http access
    to some files in a directory that match a pattern, but not others. An
    alternate solution would be to bar all direct http access to files and
    require that any access of the files be mediated by my web application. In
    other words, direct access via http://domain.com/app/MyCoolPhoto.jpg would
    be forbidden.

    Long version: I've written a photo cms and display application that has
    organized many tens of thousands of files. It has made different versions of
    those files, some of which I am willing to offer to the general public and
    most of which I'm not:

    jid20040632_pid400017_wissnerslivkachair_001_ld50.jpg // OK to show to the world
    jid20040632_pid400017_wissnerslivkachair_001_ld400watermarked.jpg // Also OK, it's watermarked
    jid20040632_pid400017_wissnerslivkachair_001_fullsized.jpg // NOT OK! Keep these files matching "..._fullsized" off limits!
    [multiply this by 20 other variations.]

    I want to limit access to most of those variations. In some cases I imagine
    I will be doing that limiting via ASP.NET 2 roles and in other cases I will
    be inspecting ServerVariables that are assigned by the Pubcookie auth
    framework.

    Can someone suggest a server-side approach that works with ASP.NET and that
    can't be easily defeated?

    Thanks,
    -KF
     
    Ken Fine, Jul 31, 2007
    #1

  2. I've documented all you need to know on this subject here:
    http://dotnetslackers.com/articles/aspnet/FileDenial.aspx

    --
    I hope this helps,
    Steve C. Orr,
    MCSD, MVP, CSM, ASPInsider
    http://SteveOrr.net


     
    Steve C. Orr [MCSD, MVP, CSM, ASP Insider], Jul 31, 2007
    #2
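
One way to do the server-side mediation asked about in the thread, as an added example (not code from either poster or from the linked article): an `IHttpModule` that allow-lists the public filename suffixes from the question and denies every other `.jpg` unless the caller holds a role. The module name `PhotoVariantGuardModule` and the role name `PhotoEditors` are hypothetical, and the example assumes IIS is configured to pass `.jpg` requests through the ASP.NET pipeline; if IIS serves them as static files directly, the module never runs.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;

// Hypothetical module name. Register it in web.config under <httpModules>
// (IIS 6 / classic mode) or <system.webServer><modules> (IIS 7 integrated).
public class PhotoVariantGuardModule : IHttpModule
{
    // Allow-list of public variants, using the suffixes from the question.
    // Anything not listed here (including "_fullsized") is restricted.
    private static readonly Regex PublicVariant = new Regex(
        @"_(ld50|ld400watermarked)\.jpg\z",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // Assumed role name, for illustration only.
    private const string RestrictedRole = "PhotoEditors";

    public void Init(HttpApplication app)
    {
        // AuthorizeRequest fires after authentication, so Context.User is set.
        app.AuthorizeRequest += OnAuthorizeRequest;
    }

    private static void OnAuthorizeRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // FilePath excludes PATH_INFO and the query string, so a request
        // cannot append "/x_ld50.jpg" or "?f=_ld50.jpg" to fake a public suffix.
        string path = ctx.Request.FilePath;

        if (!path.EndsWith(".jpg", StringComparison.OrdinalIgnoreCase))
            return; // not an image this module guards
        if (PublicVariant.IsMatch(path))
            return; // public variant, anyone may fetch it

        if (ctx.User != null && ctx.User.Identity.IsAuthenticated
            && ctx.User.IsInRole(RestrictedRole))
            return; // authorised for restricted variants

        // Deny by default: a new, unlisted variant stays private.
        ctx.Response.StatusCode = 403;
        ctx.Response.SuppressContent = true;
        ctx.ApplicationInstance.CompleteRequest();
    }

    public void Dispose() { }
}
```

Matching on what is allowed rather than on `_fullsized` means the other restricted variations mentioned in the question are covered without listing each one.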
