Securing files for download.

Discussion in 'ASP .Net Security' started by Steve Lloyd, Dec 9, 2003.

  1. Steve Lloyd

    Steve Lloyd Guest

    Hi,

    I am trying to work out how I can secure files available for download on a
    website.

    I have forms authentication set and can deny access to aspx file in a
    directory using the web.config file which redirects to the login page and
    works fine, however, if i have a downloadable in this directory people can
    enter the URI of the file and download it without any login. I understand
    that the web.config approach only secures .Net based resources but would
    like to know if anyone has a solution/work around for this. I have thought
    about storing the files in SQL which would require an aspx page to
    authenticate to the server, I think this would work but SQL space costs much
    more than web space ..

    The webserver is a shared hosting solution so i do not have acces to the
    windows level accounts.

    Would appreciate some direction on this.

    Thanks very much

    Steve
     
    Steve Lloyd, Dec 9, 2003
    #1
    1. Advertising

  2. Steve Lloyd

    Joe Audette Guest

    ??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????.???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????>
     
    Joe Audette, Dec 9, 2003
    #2
    1. Advertising

  3. Steve Lloyd

    Joe Audette Guest

    I did not post all those question marks. Not sure what
    happened but I posted some code that I thought would help.
    I recommend storing the download files outside the web
    and open them with a binary stream and use
    Response.BinaryWrite to return them. Too bad it lost the
    code I posted.
     
    Joe Audette, Dec 9, 2003
    #3
  4. Steve Lloyd

    Luis Centeio Guest

    hello Steve

    An excellent article on that subject

    is at
    http://www.wwwcoder.com/main/parentid/259/site/1795/68/default.aspx

    Hoppe that suite to you

    Luis Centeio

    "Steve Lloyd" <> wrote in message
    news:...
    > Hi,
    >
    > I am trying to work out how I can secure files available for download on a
    > website.
    >
    > I have forms authentication set and can deny access to aspx file in a
    > directory using the web.config file which redirects to the login page and
    > works fine, however, if i have a downloadable in this directory people can
    > enter the URI of the file and download it without any login. I understand
    > that the web.config approach only secures .Net based resources but would
    > like to know if anyone has a solution/work around for this. I have

    thought
    > about storing the files in SQL which would require an aspx page to
    > authenticate to the server, I think this would work but SQL space costs

    much
    > more than web space ..
    >
    > The webserver is a shared hosting solution so i do not have acces to the
    > windows level accounts.
    >
    > Would appreciate some direction on this.
    >
    > Thanks very much
    >
    > Steve
    >
    >
     
    Luis Centeio, Dec 9, 2003
    #4
  5. Steve Lloyd

    Petr PALAS Guest

    Hi Steve,

    when you set the IIS to process all files using ASPNET_ISAPI.dll as it does
    with ASPX files. Then you can check if user is authenticated and authorized
    in the following event:

    Sub Application_AcquireRequestState(ByVal sender As Object, ByVal e As
    EventArgs)
    '... your code ....
    End Sub

    You can find a more detailed description in the documentation of PortSight
    Secure Access for .NET (you don't need the component to work this out:

    http://www.portsight.com/downloads/SecureAccess/1_1/Standard/Secure Access Guide.chm

    Best Regards,

    Petr PALAS,
    PortSight - Portals & Components, www.PortSight.com




    "Steve Lloyd" <> wrote in message
    news:...
    > Hi,
    >
    > I am trying to work out how I can secure files available for download on a
    > website.
    >
    > I have forms authentication set and can deny access to aspx file in a
    > directory using the web.config file which redirects to the login page and
    > works fine, however, if i have a downloadable in this directory people can
    > enter the URI of the file and download it without any login. I understand
    > that the web.config approach only secures .Net based resources but would
    > like to know if anyone has a solution/work around for this. I have

    thought
    > about storing the files in SQL which would require an aspx page to
    > authenticate to the server, I think this would work but SQL space costs

    much
    > more than web space ..
    >
    > The webserver is a shared hosting solution so i do not have acces to the
    > windows level accounts.
    >
    > Would appreciate some direction on this.
    >
    > Thanks very much
    >
    > Steve
    >
    >
     
    Petr PALAS, Dec 12, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Chris

    Securing XML files

    Chris, Jan 29, 2007, in forum: ASP .Net
    Replies:
    2
    Views:
    330
    bruce barker
    Jan 29, 2007
  2. JAG
    Replies:
    0
    Views:
    334
  3. Timothy W. Grove

    Securing files

    Timothy W. Grove, Feb 23, 2011, in forum: Python
    Replies:
    2
    Views:
    216
    entliczek
    Feb 23, 2011
  4. crjunk

    Securing and Accessing XML Files

    crjunk, Dec 20, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    106
    Patrick Olurotimi Ige
    Dec 21, 2004
  5. anoop

    Securing URL in File Download in ASP.net

    anoop, Nov 14, 2007, in forum: ASP .Net Security
    Replies:
    2
    Views:
    670
    Alexey Smirnov
    Nov 17, 2007
Loading...

Share This Page