473,657 Members | 2,475 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

For certain directories, protecting files from direct access that match a naming pattern OR mediating http access through my app

Short version: I want to know how in ASP.NET I could bar direct http access
to some files in a directory that match a pattern, but not others. An
alternate solution would be to bar all direct http access to files and
require that any access of the files be mediated by my web application. In
other words, direct access via http://domain.com/app/MyCoolPhoto.jpg would
be forbidden.

Long version: I've written a photo cms and display application that has
organized many tens of thousands of files. It has made different versions of
those files, some of which I am willing to offer to the general public and
most of which I'm not:

jid20040632_pid 400017_wissners livkachair_001_ ld50.jpg
// OK to show to the world
jid20040632_pid 400017_wissners livkachair_001_ ld400watermarke d.jpg //
Also OK, it's watermarked
jid20040632_pid 400017_wissners livkachair_001_ fullsized.jpg
// NOT OK! Keep this files matching "..._fullsi zed" off limits!
[multiply this by 20 other variations.]

I want to limit access to most of those variations. In some cases I imagine
I will be doing that limiting via ASP.NET 2 roles and in other cases I will
be inspecting ServerVariables that are assigned by the Pubcookie auth
framework.

Can someone suggest a server-side approach that works with ASP.NET and that
can't be easily defeated?

Thanks,
-KF
Jul 31 '07 #1
0 1333

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
3
20982
ereg - regexp for NOT matching certain filename extensions
by: Martin Lucas-Smith | last post by:
Is there some way of using ereg to detect when certain filename extensions are supplied and to return false if so, WITHOUT using the ! operator before ereg () ? I have an API that allows as an input a regular expression, enabling the administrator to ensure a file upload matches a certain pattern. For instance, supplying the string '.exe$|.com$|.bat$|.zip$|.doc$'
PHP
2
2457
PHP and Protecting Email
by: Jim | last post by:
I have contact info including email address in MySQL. If I use php to extract them into online directory, can a spambot harvest the address? or does the spambot read the raw php code? I previously used javascript to hide my email addresses but more and more people are disabling javascripting for security reasons. I need to find a way to keep my email address from being harvested. Does encoding the email with Ultimate Mailto (hex and...
PHP
1
1843
protecting files and directories with php
by: dave | last post by:
Hello, I've got a situation where i have a directory called "example". In this area i have three files, an index page that has a form on it in to which user's can authenticate, a page displaying either success or failure and if success redirects to a downloadable file. I don't want this downloadable file to be had by a direct url access, user's should have to authenticate to get it. I want to use php4 for this and if possible since this is...
PHP
1
7404
Search for files with no extension
by: Prem | last post by:
Hi, I need to search a particular directory for all the files that do not have any extension and have a specific naming convension. The first 3 characters of the file name are alpha and the rest are numeric. For example, valid files are 'abc1234', 'xyz9876' etc. Is there a search pattern I can use with the Directory.getFiles( ) method. Thanks in Advance Prem
C# / C Sharp
1
1652
How to prevent file access in certain directories
by: Steve Franks | last post by:
I'd like to set up a certain part of my web tree so that no browsers can access files from that directory and any directories below it. I will store certain resouces like xml files and other resource files in there. These are files that my web components need access to but that the browser should not be able to request diretly. I know under VS.NET 2005 there is an app_data directory but I didn't have any luck using it. What's the...
ASP.NET
18
2292
Protecting files on the server.
by: UJ | last post by:
Folks, We provide custom content for our customers. Currently we put the files on our server and people have a program we provide that will download the files. These files are usually SWF, HTML or JPG files. The problem as I see it - if you know the name of the file, you could download it off the server (currently we are using an HTTP/Get but I'm going to be using WebClient in the new version.) If there any way to password protect the...
ASP.NET
3
2541
Parsing Files with Regular Expressions
by: Chris | last post by:
Hi everyone, I'm trying to parse through the contents of some text files with regular expressions, but am new to regular expressions and how to use them in VB.net. I'm pretty sure that the regular expressions are correct as I got them from regexlib.com and tested them in the Regulator and Expresso. The problem is I tested this function with a file that contains a string
Visual Basic .NET
1
4156
c#: inter-object event messaging (mediator pattern?)
by: halekio | last post by:
Hi all, Please bear with me as I've only started programming in C# 2 weeks ago and this is my first contact with OOP. I ran into a situation where I needed to catch an event in an object that had no connection or reference to the object that triggered it. It goes something like this: (not syntactically correct..it's just for the idea)
C# / C Sharp
0
1573
Re: directories
by: user923005 | last post by:
On Jun 27, 12:19 pm, rober...@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote: From the link that you cut to SFL, we have this directory API that works on POSIX and Windows: Directory access functions Filename: sfldir.h Package: Standard Function Library (SFL)
C / C++
0
8411
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
8739
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
8613
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
7351
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
0
5638
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
4173
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
4329
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
2740
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
1969
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us