By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
448,962 Members | 1,407 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 448,962 IT Pros & Developers. It's quick & easy.

file permission

P: n/a
Hello

I develop a web application with form authentication by C#.NET. Authorized users can upload/download files to/from the web server. But I meet a problem: any user can download any file on the web server once they know the file's URL. Do you know how to prevent this?

Thanks in advance.
Nov 18 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
You need to put the files in a private folder (or a database), and then have
an asp.net page return the file.

Here's a couple of articles that shows how to do that:
http://www.123aspx.com/redir.aspx?res=30958
http://www.aspfree.com/c/a/ASP.NET-C...C-by-MVadivel/

That would make your url's look something like this:
fake://mydomain.com/GetDoc.aspx?name=document.doc

If you want more pleasing URL's, then you can combine this with URL
rewriting.

This is one of the most useful rewriting articles I've found. (But there are
several out there, search for: url rewriting httpmodule
http://www.codeproject.com/aspnet/urlrewriter.asp

You wouldn't need all the regular expressions code, instead just check if
the url is something like:
/uploads
and then simply rewrite the url to be
http://mydomain.com/GetDoc.aspx?url=(oldurl)
--
Mike Mayer, C# MVP
mi**@mag37.com
http://www.mag37.com/csharp/

"Simon Chuang" <an*******@discussions.microsoft.com> wrote in message
news:87**********************************@microsof t.com...
Hello,

I develop a web application with form authentication by C#.NET. Authorized users can upload/download files to/from the web server. But I meet a
problem: any user can download any file on the web server once they know the
file's URL. Do you know how to prevent this?
Thanks in advance.

Nov 18 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.