Ask a Question related to ASP.NET Security, Design and Development.
-
Steve Lloyd #1
Securing files for download.
Hi,
I am trying to work out how I can secure files available for download on a
website.
I have forms authentication set and can deny access to aspx file in a
directory using the web.config file which redirects to the login page and
works fine, however, if i have a downloadable in this directory people can
enter the URI of the file and download it without any login. I understand
that the web.config approach only secures .Net based resources but would
like to know if anyone has a solution/work around for this. I have thought
about storing the files in SQL which would require an aspx page to
authenticate to the server, I think this would work but SQL space costs much
more than web space ..
The webserver is a shared hosting solution so i do not have acces to the
windows level accounts.
Would appreciate some direction on this.
Thanks very much
Steve
Steve Lloyd Guest
-
Multiple files download?
Originally posted by: 2JZ Hi all, I am using FileReference's download() to download file. However, it seems that donwload() only donwload one... -
No Files for download...?
just got a new pc so im reinstalling everything. went to download the latest flash player but the link to the .exe doesnt work!? ... -
Unable to download files with IE
I've got a strange bug with IE. Whenever I try and download a file, it goes through the motions of downloading as expected, but as soon as it... -
Securing and Accessing XML Files
I’m not very experienced with security on a web server, so what I’m asking might be really stupid. I have an application that is creating XML... -
Help needed with download files.
Hi there, I have some .exe files located on the server in a folder named "download bin" I want to send out e-mail which apart from anything... -
Joe Audette #2 Securing files for download.
?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ????????????????????????????????????????????.????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ????????????????????>
Joe Audette Guest
-
Joe Audette #3 Securing files for download.
I did not post all those question marks. Not sure what
happened but I posted some code that I thought would help.
I recommend storing the download files outside the web
and open them with a binary stream and use
Response.BinaryWrite to return them. Too bad it lost the
code I posted.
Joe Audette Guest
-
Luis Centeio #4 Re: Securing files for download.
hello Steve
An excellent article on that subject
is at
[url]http://www.wwwcoder.com/main/parentid/259/site/1795/68/default.aspx[/url]
Hoppe that suite to you
Luis Centeio
"Steve Lloyd" <steveRemoveThisNow@livenowpaylater.co.uk> wrote in message
news:OF9mizovDHA.2080@TK2MSFTNGP10.phx.gbl...thought> Hi,
>
> I am trying to work out how I can secure files available for download on a
> website.
>
> I have forms authentication set and can deny access to aspx file in a
> directory using the web.config file which redirects to the login page and
> works fine, however, if i have a downloadable in this directory people can
> enter the URI of the file and download it without any login. I understand
> that the web.config approach only secures .Net based resources but would
> like to know if anyone has a solution/work around for this. I havemuch> about storing the files in SQL which would require an aspx page to
> authenticate to the server, I think this would work but SQL space costs> more than web space ..
>
> The webserver is a shared hosting solution so i do not have acces to the
> windows level accounts.
>
> Would appreciate some direction on this.
>
> Thanks very much
>
> Steve
>
>
Luis Centeio Guest
-
Petr PALAS #5 Re: Securing files for download.
Hi Steve,
when you set the IIS to process all files using ASPNET_ISAPI.dll as it does
with ASPX files. Then you can check if user is authenticated and authorized
in the following event:
Sub Application_AcquireRequestState(ByVal sender As Object, ByVal e As
EventArgs)
'... your code ....
End Sub
You can find a more detailed description in the documentation of PortSight
Secure Access for .NET (you don't need the component to work this out:
[url]http://www.portsight.com/downloads/SecureAccess/1_1/Standard/Secure%20Access%20Guide.chm[/url]
Best Regards,
Petr PALAS, [email]petrp@portsight.com[/email]
PortSight - Portals & Components, [url]www.PortSight.com[/url]
"Steve Lloyd" <steveRemoveThisNow@livenowpaylater.co.uk> wrote in message
news:OF9mizovDHA.2080@TK2MSFTNGP10.phx.gbl...thought> Hi,
>
> I am trying to work out how I can secure files available for download on a
> website.
>
> I have forms authentication set and can deny access to aspx file in a
> directory using the web.config file which redirects to the login page and
> works fine, however, if i have a downloadable in this directory people can
> enter the URI of the file and download it without any login. I understand
> that the web.config approach only secures .Net based resources but would
> like to know if anyone has a solution/work around for this. I havemuch> about storing the files in SQL which would require an aspx page to
> authenticate to the server, I think this would work but SQL space costs> more than web space ..
>
> The webserver is a shared hosting solution so i do not have acces to the
> windows level accounts.
>
> Would appreciate some direction on this.
>
> Thanks very much
>
> Steve
>
>
Petr PALAS Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
