How to authorize download?

Discussion in 'ASP .Net Security' started by lenyado, Dec 25, 2004.

  1. lenyado

    lenyado Guest

    I am planning a website which reqires this feature: it allows registered
    users to upload and/or download files (like *.doc, *.ppt etc.) but not
    everyone can download every files. some files are restricted to certain users
    only. that means only certain users can download certain files. but if the
    URL of a certain file that needed to be protected is exposed, the
    authorization will be in vain. any solutions?
    lenyado, Dec 25, 2004
    #1
    1. Advertising

  2. lenyado

    Ben Lucas Guest

    You could write an HttpHandler or an HttpModule to handle the security.
    Basically your HttpHandler or HttpModule would need to perform the security
    check and give an Access Denied message if the user does not have access, or
    if the user does have access, set the content type and write the file to the
    Response stream.

    Also, note that you will have to set up IIS so that the ASP.Net application
    handles .doc, .ppt, and whatever other files you want to provide security
    for.

    --
    Ben Lucas
    Lead Developer
    Solien Technology, Inc.
    www.solien.com

    "lenyado" <> wrote in message
    news:...
    >I am planning a website which reqires this feature: it allows registered
    > users to upload and/or download files (like *.doc, *.ppt etc.) but not
    > everyone can download every files. some files are restricted to certain
    > users
    > only. that means only certain users can download certain files. but if the
    > URL of a certain file that needed to be protected is exposed, the
    > authorization will be in vain. any solutions?
    Ben Lucas, Dec 27, 2004
    #2
    1. Advertising

  3. Write the files based on a querystringvariable as binary to the response
    stream (if the user is authenticated, otherwise send him some greetings with
    a errormessage) - so you don't have to reconfigure IIS and nobody has knows
    the path to the files.

    --
    Daniel Fisher(lennybacon)
    MCP ASP.NET C#
    Blog: http://www.lennybacon.com/


    "Ben Lucas" <> wrote in message
    news:...
    > You could write an HttpHandler or an HttpModule to handle the security.
    > Basically your HttpHandler or HttpModule would need to perform the
    > security check and give an Access Denied message if the user does not have
    > access, or if the user does have access, set the content type and write
    > the file to the Response stream.
    >
    > Also, note that you will have to set up IIS so that the ASP.Net
    > application handles .doc, .ppt, and whatever other files you want to
    > provide security for.
    >
    > --
    > Ben Lucas
    > Lead Developer
    > Solien Technology, Inc.
    > www.solien.com
    >
    > "lenyado" <> wrote in message
    > news:...
    >>I am planning a website which reqires this feature: it allows registered
    >> users to upload and/or download files (like *.doc, *.ppt etc.) but not
    >> everyone can download every files. some files are restricted to certain
    >> users
    >> only. that means only certain users can download certain files. but if
    >> the
    >> URL of a certain file that needed to be protected is exposed, the
    >> authorization will be in vain. any solutions?

    >
    >
    Daniel Fisher\(lennybacon\), Dec 28, 2004
    #3
  4. Patrick Olurotimi Ige, Dec 28, 2004
    #4
  5. lenyado

    Lenyado Guest

    Thanks, that's quite helpful. i will try that out later.
    Lenyado, Dec 29, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?QmlsbCBCZWxsaXZlYXU=?=

    Authorize HTTPHeader

    =?Utf-8?B?QmlsbCBCZWxsaXZlYXU=?=, Dec 12, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    2,777
    =?Utf-8?B?QmlsbCBCZWxsaXZlYXU=?=
    Dec 15, 2003
  2. Ben Chen
    Replies:
    1
    Views:
    351
    =?Utf-8?B?UHJhdmVlbiBL?=
    Oct 11, 2004
  3. Blue

    Problem with Authorize.net

    Blue, Dec 28, 2005, in forum: ASP .Net
    Replies:
    3
    Views:
    1,168
    Chris Gunn
    Dec 30, 2005
  4. =?Utf-8?B?TWF0dEJlbGw=?=

    Forcing An Authorize in Forms Authentication

    =?Utf-8?B?TWF0dEJlbGw=?=, Jul 7, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    324
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Jul 7, 2006
  5. Brian Vallelunga

    Manually authorize user

    Brian Vallelunga, Jul 27, 2006, in forum: ASP .Net
    Replies:
    2
    Views:
    2,800
    Brian Vallelunga
    Jul 28, 2006
Loading...

Share This Page