Securing files for download.

S

Steve Lloyd

Hi,

I am trying to work out how I can secure files available for download on a
website.

I have forms authentication set and can deny access to aspx file in a
directory using the web.config file which redirects to the login page and
works fine, however, if i have a downloadable in this directory people can
enter the URI of the file and download it without any login. I understand
that the web.config approach only secures .Net based resources but would
like to know if anyone has a solution/work around for this. I have thought
about storing the files in SQL which would require an aspx page to
authenticate to the server, I think this would work but SQL space costs much
more than web space ..

The webserver is a shared hosting solution so i do not have acces to the
windows level accounts.

Would appreciate some direction on this.

Thanks very much

Steve
 
J

Joe Audette

??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????.???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????>
 
J

Joe Audette

I did not post all those question marks. Not sure what
happened but I posted some code that I thought would help.
I recommend storing the download files outside the web
and open them with a binary stream and use
Response.BinaryWrite to return them. Too bad it lost the
code I posted.
 
P

Petr PALAS

Hi Steve,

when you set the IIS to process all files using ASPNET_ISAPI.dll as it does
with ASPX files. Then you can check if user is authenticated and authorized
in the following event:

Sub Application_AcquireRequestState(ByVal sender As Object, ByVal e As
EventArgs)
'... your code ....
End Sub

You can find a more detailed description in the documentation of PortSight
Secure Access for .NET (you don't need the component to work this out:

http://www.portsight.com/downloads/SecureAccess/1_1/Standard/Secure Access Guide.chm

Best Regards,

Petr PALAS, (e-mail address removed)
PortSight - Portals & Components, www.PortSight.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Securing a directory and its files with forms authentication 1
Securing files 2
Securing URL in File Download in ASP.net 2
Securing static files 9
Securing web.config appSettings - *** warning - long post *** 0
Securing TableAdapters/xds files 0
securing PDF files (among others) 0
securing an intranet site 2

Members online

No members online now.
Total: 40 (members: 1, guests: 39)
Robots: 430

Forum statistics

Threads
473,769
Messages
2,569,578
Members
45,052
Latest member
LucyCarper

Latest Threads

Top