|
How to authorize download?
I am planning a website which reqires this feature: it allows registered
users to upload and/or download files (like *.doc, *.ppt etc.) but not everyone can download every files. some files are restricted to certain users only. that means only certain users can download certain files. but if the URL of a certain file that needed to be protected is exposed, the authorization will be in vain. any solutions? |
Re: How to authorize download?
You could write an HttpHandler or an HttpModule to handle the security.
Basically your HttpHandler or HttpModule would need to perform the security check and give an Access Denied message if the user does not have access, or if the user does have access, set the content type and write the file to the Response stream. Also, note that you will have to set up IIS so that the ASP.Net application handles .doc, .ppt, and whatever other files you want to provide security for. -- Ben Lucas Lead Developer Solien Technology, Inc. www.solien.com "lenyado" <lenyado@discussions.microsoft.com> wrote in message news:04C224EB-729A-41DC-819F-598FCC47C5B0@microsoft.com... >I am planning a website which reqires this feature: it allows registered > users to upload and/or download files (like *.doc, *.ppt etc.) but not > everyone can download every files. some files are restricted to certain > users > only. that means only certain users can download certain files. but if the > URL of a certain file that needed to be protected is exposed, the > authorization will be in vain. any solutions? |
How to authorize download?
Write the files based on a querystringvariable as binary to the response
stream (if the user is authenticated, otherwise send him some greetings with a errormessage) - so you don't have to reconfigure IIS and nobody has knows the path to the files. -- Daniel Fisher(lennybacon) MCP ASP.NET C# Blog: http://www.lennybacon.com/ "Ben Lucas" <ben@nospam.solien.nospam.com> wrote in message news:x8CdnTqkJLUXtE3cRVn-qw@comcast.com... > You could write an HttpHandler or an HttpModule to handle the security. > Basically your HttpHandler or HttpModule would need to perform the > security check and give an Access Denied message if the user does not have > access, or if the user does have access, set the content type and write > the file to the Response stream. > > Also, note that you will have to set up IIS so that the ASP.Net > application handles .doc, .ppt, and whatever other files you want to > provide security for. > > -- > Ben Lucas > Lead Developer > Solien Technology, Inc. > www.solien.com > > "lenyado" <lenyado@discussions.microsoft.com> wrote in message > news:04C224EB-729A-41DC-819F-598FCC47C5B0@microsoft.com... >>I am planning a website which reqires this feature: it allows registered >> users to upload and/or download files (like *.doc, *.ppt etc.) but not >> everyone can download every files. some files are restricted to certain >> users >> only. that means only certain users can download certain files. but if >> the >> URL of a certain file that needed to be protected is exposed, the >> authorization will be in vain. any solutions? > > |
Re: How to authorize download?
Try looking at these 2 artickes at:-
http://dotnetjunkies.com/WebLog/rich...04/05/21/14215. aspx and http://www.microsoft.com/india/msdn/articles/57.aspx Hope it helps.. Patrick *** Sent via Developersdex http://www.developersdex.com *** Don't just participate in USENET...get rewarded for it! |
RE: How to authorize download?
Thanks, that's quite helpful. i will try that out later.
|
| All times are GMT. The time now is 07:23 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.