Geek asks and answers

How to stop the user from receiving files if not logging in

I create a website where there are files that are in the folder, and also provide links for these files to the user so that they can download these files, I just do not allow authenticated users everything, but as if there is a user who knows the link The file is directly placed in the address bar and receives this file, can someone tell me that I can make sure that the file is downloaded only from a verified user, not by all users.

+3
source share
6 answers

You should not provide a direct link to the file, you are creating something like a proxy (I believe that the HTTP handler is suitable for this). In the handler, you check that the user is authenticated (perhaps check some value from the session), if so, than the return file, otherwise the return was not found or something else.
So the URLs for all files will look like this:

http://localhost/filesHandler.ashx?file=pathToFile
+2
source

If you have all your files in one folder, you need to place the web.configfile in this folder with the following contents:

<configuration>
    <system.web>
        <authorization>
            //disallow anonymous users
            <deny users="?"/>
        </authorization>
    </system.web>
</configuration>

You can find more detials here .

+3
source

. , , .

user_files , script, , .

string _fileName;

string _path = /*some user specific path*/ + "FileDir/" + name;

System.IO.FileInfo _file = new System.IO.FileInfo(_path);

if (_file.Exists)

{
    Response.Clear();
    Response.AddHeader("Content-Disposition", "attachment; filename=" + _file.Name);
    Response.AddHeader("Content-Length", _file.Length.ToString());
    Response.ContentType = "application/octet-stream";
    Response.WriteFile(_file.FullName);
    Response.End();
}
+3

asp.net , - -...

<location path="Admin">
  <system.web>
    <authorization>
      <allow roles="Administrator" />
      <deny users="?" />
    </authorization>
  </system.web>
</location>
+2

: , .

, "download.aspx? file = _". download.aspx Response.WriteFile .

( Download.ashx)

+2

You just need to verify that the login user authenticates the user on the download page of the Page_Load page. if it is authenticated, then allow the user access to another file.

-1
source

More articles:


All Articles