By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,846 Members | 1,646 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,846 IT Pros & Developers. It's quick & easy.

Protecting files on the server.

P: n/a
UJ
Folks,
We provide custom content for our customers. Currently we put the files on
our server and people have a program we provide that will download the
files. These files are usually SWF, HTML or JPG files. The problem as I see
it - if you know the name of the file, you could download it off the server
(currently we are using an HTTP/Get but I'm going to be using WebClient in
the new version.)

If there any way to password protect the file so people can't just download
them even if they know the file name?

The solutions I've come up with are:

1. Store the file in the database as a blob and read it (but this could get
slow as we will eventually add video which could get really big - up to
100MB).

2. Write a web service that will transfer the file back that has a password
on it.

Any other suggestions?

TIA - Jeff
Dec 19 '05 #1
Share this Question
Share on Google+
18 Replies


P: n/a
Jeff,

Another solution is to have the users authenticated in the program and have
the files sitting in a local directory that the program will be the only way
of getting to the files from outside.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:uj**************@TK2MSFTNGP15.phx.gbl...
Folks,
We provide custom content for our customers. Currently we put the files on
our server and people have a program we provide that will download the
files. These files are usually SWF, HTML or JPG files. The problem as I
see it - if you know the name of the file, you could download it off the
server (currently we are using an HTTP/Get but I'm going to be using
WebClient in the new version.)

If there any way to password protect the file so people can't just
download them even if they know the file name?

The solutions I've come up with are:

1. Store the file in the database as a blob and read it (but this could
get slow as we will eventually add video which could get really big - up
to 100MB).

2. Write a web service that will transfer the file back that has a
password on it.

Any other suggestions?

TIA - Jeff

Dec 19 '05 #2

P: n/a
UJ
Eliyahu,
I'm not sure I understand you. That is essentilly what we already do. The
problem is when the program goes out to our server to get the file, the
files are unprotected on our server. I guess the question becomes how should
I protect the files on the server so the program and only the program can
access them.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Jeff,

Another solution is to have the users authenticated in the program and
have the files sitting in a local directory that the program will be the
only way of getting to the files from outside.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:uj**************@TK2MSFTNGP15.phx.gbl...
Folks,
We provide custom content for our customers. Currently we put the files
on our server and people have a program we provide that will download the
files. These files are usually SWF, HTML or JPG files. The problem as I
see it - if you know the name of the file, you could download it off the
server (currently we are using an HTTP/Get but I'm going to be using
WebClient in the new version.)

If there any way to password protect the file so people can't just
download them even if they know the file name?

The solutions I've come up with are:

1. Store the file in the database as a blob and read it (but this could
get slow as we will eventually add video which could get really big - up
to 100MB).

2. Write a web service that will transfer the file back that has a
password on it.

Any other suggestions?

TIA - Jeff


Dec 19 '05 #3

P: n/a
Jeff,

You could turn off anonymous access on the website and use only integrated
security. Integrated security uses encrypted user names and passwords. Then
create a username and password for your application to use when it makes the
webrequest for a file in question. You can create a Credential object that
the webrequest may use in order to authenticate to the website.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"UJ" <fr**@nowhere.com> wrote in message
news:uO*************@TK2MSFTNGP14.phx.gbl...
Eliyahu,
I'm not sure I understand you. That is essentilly what we already do. The
problem is when the program goes out to our server to get the file, the
files are unprotected on our server. I guess the question becomes how
should I protect the files on the server so the program and only the
program can access them.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Jeff,

Another solution is to have the users authenticated in the program and
have the files sitting in a local directory that the program will be the
only way of getting to the files from outside.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:uj**************@TK2MSFTNGP15.phx.gbl...
Folks,
We provide custom content for our customers. Currently we put the files
on our server and people have a program we provide that will download
the files. These files are usually SWF, HTML or JPG files. The problem
as I see it - if you know the name of the file, you could download it
off the server (currently we are using an HTTP/Get but I'm going to be
using WebClient in the new version.)

If there any way to password protect the file so people can't just
download them even if they know the file name?

The solutions I've come up with are:

1. Store the file in the database as a blob and read it (but this could
get slow as we will eventually add video which could get really big - up
to 100MB).

2. Write a web service that will transfer the file back that has a
password on it.

Any other suggestions?

TIA - Jeff



Dec 19 '05 #4

P: n/a
Does your program on server in asp.net? If it does, are the files on a
separate server?

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:uO*************@TK2MSFTNGP14.phx.gbl...
Eliyahu,
I'm not sure I understand you. That is essentilly what we already do. The
problem is when the program goes out to our server to get the file, the
files are unprotected on our server. I guess the question becomes how
should I protect the files on the server so the program and only the
program can access them.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Jeff,

Another solution is to have the users authenticated in the program and
have the files sitting in a local directory that the program will be the
only way of getting to the files from outside.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:uj**************@TK2MSFTNGP15.phx.gbl...
Folks,
We provide custom content for our customers. Currently we put the files
on our server and people have a program we provide that will download
the files. These files are usually SWF, HTML or JPG files. The problem
as I see it - if you know the name of the file, you could download it
off the server (currently we are using an HTTP/Get but I'm going to be
using WebClient in the new version.)

If there any way to password protect the file so people can't just
download them even if they know the file name?

The solutions I've come up with are:

1. Store the file in the database as a blob and read it (but this could
get slow as we will eventually add video which could get really big - up
to 100MB).

2. Write a web service that will transfer the file back that has a
password on it.

Any other suggestions?

TIA - Jeff



Dec 19 '05 #5

P: n/a
UJ
The files are all on the same server as my ASP.Net application.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:u6*************@TK2MSFTNGP11.phx.gbl...
Does your program on server in asp.net? If it does, are the files on a
separate server?

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:uO*************@TK2MSFTNGP14.phx.gbl...
Eliyahu,
I'm not sure I understand you. That is essentilly what we already do. The
problem is when the program goes out to our server to get the file, the
files are unprotected on our server. I guess the question becomes how
should I protect the files on the server so the program and only the
program can access them.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Jeff,

Another solution is to have the users authenticated in the program and
have the files sitting in a local directory that the program will be the
only way of getting to the files from outside.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:uj**************@TK2MSFTNGP15.phx.gbl...
Folks,
We provide custom content for our customers. Currently we put the files
on our server and people have a program we provide that will download
the files. These files are usually SWF, HTML or JPG files. The problem
as I see it - if you know the name of the file, you could download it
off the server (currently we are using an HTTP/Get but I'm going to be
using WebClient in the new version.)

If there any way to password protect the file so people can't just
download them even if they know the file name?

The solutions I've come up with are:

1. Store the file in the database as a blob and read it (but this could
get slow as we will eventually add video which could get really big -
up to 100MB).

2. Write a web service that will transfer the file back that has a
password on it.

Any other suggestions?

TIA - Jeff



Dec 19 '05 #6

P: n/a
Why do you say the files are unprotected? If you keep them just in a local
directory, not mapped as a virtual one and not a sub-directory of your site,
no one can get to them from the web.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:eq**************@TK2MSFTNGP11.phx.gbl...
The files are all on the same server as my ASP.Net application.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:u6*************@TK2MSFTNGP11.phx.gbl...
Does your program on server in asp.net? If it does, are the files on a
separate server?

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:uO*************@TK2MSFTNGP14.phx.gbl...
Eliyahu,
I'm not sure I understand you. That is essentilly what we already do. The problem is when the program goes out to our server to get the file, the
files are unprotected on our server. I guess the question becomes how
should I protect the files on the server so the program and only the
program can access them.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Jeff,

Another solution is to have the users authenticated in the program and
have the files sitting in a local directory that the program will be the only way of getting to the files from outside.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:uj**************@TK2MSFTNGP15.phx.gbl...
> Folks,
> We provide custom content for our customers. Currently we put the files> on our server and people have a program we provide that will download
> the files. These files are usually SWF, HTML or JPG files. The problem> as I see it - if you know the name of the file, you could download it
> off the server (currently we are using an HTTP/Get but I'm going to be> using WebClient in the new version.)
>
> If there any way to password protect the file so people can't just
> download them even if they know the file name?
>
> The solutions I've come up with are:
>
> 1. Store the file in the database as a blob and read it (but this could> get slow as we will eventually add video which could get really big -
> up to 100MB).
>
> 2. Write a web service that will transfer the file back that has a
> password on it.
>
> Any other suggestions?
>
> TIA - Jeff
>
>



Dec 19 '05 #7

P: n/a
UJ
I guess that's the problem. At the moment if you go to
www.fred.com/files/file1234.swf it will bring up the file. What I'm looking
to do instead is have the program ask the server for a file somehow - but
I'm looking for suggestions on how to do that. I would assume it would be a
web service that the program calls. But what's the easiest way to transfer
the file. Currently I'm using WebClient.

TIA - Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2***************@TK2MSFTNGP09.phx.gbl...
Why do you say the files are unprotected? If you keep them just in a local
directory, not mapped as a virtual one and not a sub-directory of your
site,
no one can get to them from the web.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:eq**************@TK2MSFTNGP11.phx.gbl...
The files are all on the same server as my ASP.Net application.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:u6*************@TK2MSFTNGP11.phx.gbl...
> Does your program on server in asp.net? If it does, are the files on a
> separate server?
>
> Eliyahu
>
> "UJ" <fr**@nowhere.com> wrote in message
> news:uO*************@TK2MSFTNGP14.phx.gbl...
>> Eliyahu,
>> I'm not sure I understand you. That is essentilly what we already do. The >> problem is when the program goes out to our server to get the file,
>> the
>> files are unprotected on our server. I guess the question becomes how
>> should I protect the files on the server so the program and only the
>> program can access them.
>>
>> Jeff.
>>
>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>> news:%2****************@TK2MSFTNGP09.phx.gbl...
>>> Jeff,
>>>
>>> Another solution is to have the users authenticated in the program
>>> and
>>> have the files sitting in a local directory that the program will be the >>> only way of getting to the files from outside.
>>>
>>> Eliyahu
>>>
>>> "UJ" <fr**@nowhere.com> wrote in message
>>> news:uj**************@TK2MSFTNGP15.phx.gbl...
>>>> Folks,
>>>> We provide custom content for our customers. Currently we put the files >>>> on our server and people have a program we provide that will
>>>> download
>>>> the files. These files are usually SWF, HTML or JPG files. The problem >>>> as I see it - if you know the name of the file, you could download
>>>> it
>>>> off the server (currently we are using an HTTP/Get but I'm going to be >>>> using WebClient in the new version.)
>>>>
>>>> If there any way to password protect the file so people can't just
>>>> download them even if they know the file name?
>>>>
>>>> The solutions I've come up with are:
>>>>
>>>> 1. Store the file in the database as a blob and read it (but this could >>>> get slow as we will eventually add video which could get really
>>>> big -
>>>> up to 100MB).
>>>>
>>>> 2. Write a web service that will transfer the file back that has a
>>>> password on it.
>>>>
>>>> Any other suggestions?
>>>>
>>>> TIA - Jeff
>>>>
>>>>
>>>
>>>
>>
>>
>
>



Dec 19 '05 #8

P: n/a
Sorry for making the same point again and again. Do you have a particular
requirement for keeping files in a subdirectory of your site or a virtual
directory?

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:eQ**************@TK2MSFTNGP10.phx.gbl...
I guess that's the problem. At the moment if you go to
www.fred.com/files/file1234.swf it will bring up the file. What I'm looking
to do instead is have the program ask the server for a file somehow - but
I'm looking for suggestions on how to do that. I would assume it would be a
web service that the program calls. But what's the easiest way to transfer
the file. Currently I'm using WebClient.

TIA - Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2***************@TK2MSFTNGP09.phx.gbl...
Why do you say the files are unprotected? If you keep them just in a
local
directory, not mapped as a virtual one and not a sub-directory of your
site,
no one can get to them from the web.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:eq**************@TK2MSFTNGP11.phx.gbl...
The files are all on the same server as my ASP.Net application.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:u6*************@TK2MSFTNGP11.phx.gbl...
> Does your program on server in asp.net? If it does, are the files on a
> separate server?
>
> Eliyahu
>
> "UJ" <fr**@nowhere.com> wrote in message
> news:uO*************@TK2MSFTNGP14.phx.gbl...
>> Eliyahu,
>> I'm not sure I understand you. That is essentilly what we already do.

The
>> problem is when the program goes out to our server to get the file,
>> the
>> files are unprotected on our server. I guess the question becomes how
>> should I protect the files on the server so the program and only the
>> program can access them.
>>
>> Jeff.
>>
>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>> news:%2****************@TK2MSFTNGP09.phx.gbl...
>>> Jeff,
>>>
>>> Another solution is to have the users authenticated in the program
>>> and
>>> have the files sitting in a local directory that the program will be

the
>>> only way of getting to the files from outside.
>>>
>>> Eliyahu
>>>
>>> "UJ" <fr**@nowhere.com> wrote in message
>>> news:uj**************@TK2MSFTNGP15.phx.gbl...
>>>> Folks,
>>>> We provide custom content for our customers. Currently we put the

files
>>>> on our server and people have a program we provide that will
>>>> download
>>>> the files. These files are usually SWF, HTML or JPG files. The

problem
>>>> as I see it - if you know the name of the file, you could download
>>>> it
>>>> off the server (currently we are using an HTTP/Get but I'm going to

be
>>>> using WebClient in the new version.)
>>>>
>>>> If there any way to password protect the file so people can't just
>>>> download them even if they know the file name?
>>>>
>>>> The solutions I've come up with are:
>>>>
>>>> 1. Store the file in the database as a blob and read it (but this

could
>>>> get slow as we will eventually add video which could get really
>>>> big -
>>>> up to 100MB).
>>>>
>>>> 2. Write a web service that will transfer the file back that has a
>>>> password on it.
>>>>
>>>> Any other suggestions?
>>>>
>>>> TIA - Jeff
>>>>
>>>>
>>>
>>>
>>
>>
>
>



Dec 20 '05 #9

P: n/a
UJ
Eliyahu,
First thanks for attempting to help me on this. Let me start over and
explain what I'm trying to accomplish and that may help.

I am working on a system where we display content my company creates. The
end user has a machine we provide them. Currently we generate a list of
files that then get downloaded to the machine via an HTTP Get command (both
the list of files plus the actual files to be downloaded). The files are in
a virtual directory on our server which you can connect to directly through
a browser interface (the original version of the software, which I didn't
write, went the net directly every time but if your net connection was down
nothing would display.) So currently the program(s) get the list of files it
needs to download, then it goes out through an unsecured (although it is
SSL) connection to a virtual directory on our server.

My problem is, and maybe I'm making too much of this is if you know the
directory name on the machine, you can pretty quickly figure out our naming
convention and then just start grabbing the files yourself. This of course
is not what we want. We want people to pay for our service.

So my thought was trying to do something to protect the files on the server.
I realize I could make them not in a virtual directory and write a Web
Service that would transfer the files but that seems cumbersome. If that's
the best way to do it, I'm OK with it. The problem could be though that the
files we transfer at the moment are small (< 1MB) but could in the future
get huge (we are talking about doing video.) So I'm looking for a solution
that can handle those files.

Currently I'm using WebClient which doesn't appear to have any security on
it.

Hope this is clear.

Thanks again for your help.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:OA*************@TK2MSFTNGP09.phx.gbl...
Sorry for making the same point again and again. Do you have a particular
requirement for keeping files in a subdirectory of your site or a virtual
directory?

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:eQ**************@TK2MSFTNGP10.phx.gbl...
I guess that's the problem. At the moment if you go to
www.fred.com/files/file1234.swf it will bring up the file. What I'm
looking to do instead is have the program ask the server for a file
somehow - but I'm looking for suggestions on how to do that. I would
assume it would be a web service that the program calls. But what's the
easiest way to transfer the file. Currently I'm using WebClient.

TIA - Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2***************@TK2MSFTNGP09.phx.gbl...
Why do you say the files are unprotected? If you keep them just in a
local
directory, not mapped as a virtual one and not a sub-directory of your
site,
no one can get to them from the web.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:eq**************@TK2MSFTNGP11.phx.gbl...
The files are all on the same server as my ASP.Net application.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:u6*************@TK2MSFTNGP11.phx.gbl...
> Does your program on server in asp.net? If it does, are the files on
> a
> separate server?
>
> Eliyahu
>
> "UJ" <fr**@nowhere.com> wrote in message
> news:uO*************@TK2MSFTNGP14.phx.gbl...
>> Eliyahu,
>> I'm not sure I understand you. That is essentilly what we already
>> do.
The
>> problem is when the program goes out to our server to get the file,
>> the
>> files are unprotected on our server. I guess the question becomes
>> how
>> should I protect the files on the server so the program and only the
>> program can access them.
>>
>> Jeff.
>>
>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>> news:%2****************@TK2MSFTNGP09.phx.gbl...
>>> Jeff,
>>>
>>> Another solution is to have the users authenticated in the program
>>> and
>>> have the files sitting in a local directory that the program will
>>> be
the
>>> only way of getting to the files from outside.
>>>
>>> Eliyahu
>>>
>>> "UJ" <fr**@nowhere.com> wrote in message
>>> news:uj**************@TK2MSFTNGP15.phx.gbl...
>>>> Folks,
>>>> We provide custom content for our customers. Currently we put the
files
>>>> on our server and people have a program we provide that will
>>>> download
>>>> the files. These files are usually SWF, HTML or JPG files. The
problem
>>>> as I see it - if you know the name of the file, you could download
>>>> it
>>>> off the server (currently we are using an HTTP/Get but I'm going
>>>> to
be
>>>> using WebClient in the new version.)
>>>>
>>>> If there any way to password protect the file so people can't just
>>>> download them even if they know the file name?
>>>>
>>>> The solutions I've come up with are:
>>>>
>>>> 1. Store the file in the database as a blob and read it (but this
could
>>>> get slow as we will eventually add video which could get really
>>>> big -
>>>> up to 100MB).
>>>>
>>>> 2. Write a web service that will transfer the file back that has a
>>>> password on it.
>>>>
>>>> Any other suggestions?
>>>>
>>>> TIA - Jeff
>>>>
>>>>
>>>
>>>
>>
>>
>
>



Dec 20 '05 #10

P: n/a
Jeff,

I would recommend keeping the files in a server's local directory, not on a
virtual one, and providing an asp.net page that would serve download
requests. Instead of using http Get command, make calls to
GetFiles.aspx?action=list for the list of files and
GetFiles.aspx?action=file&name=file1234.swf . GetFiles.aspx would get the
files from the local directory and stream them down to the clients. You
don't need any webservice for that.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:OC**************@TK2MSFTNGP12.phx.gbl...
Eliyahu,
First thanks for attempting to help me on this. Let me start over and
explain what I'm trying to accomplish and that may help.

I am working on a system where we display content my company creates. The
end user has a machine we provide them. Currently we generate a list of
files that then get downloaded to the machine via an HTTP Get command
(both the list of files plus the actual files to be downloaded). The files
are in a virtual directory on our server which you can connect to directly
through a browser interface (the original version of the software, which I
didn't write, went the net directly every time but if your net connection
was down nothing would display.) So currently the program(s) get the list
of files it needs to download, then it goes out through an unsecured
(although it is SSL) connection to a virtual directory on our server.

My problem is, and maybe I'm making too much of this is if you know the
directory name on the machine, you can pretty quickly figure out our
naming convention and then just start grabbing the files yourself. This of
course is not what we want. We want people to pay for our service.

So my thought was trying to do something to protect the files on the
server. I realize I could make them not in a virtual directory and write a
Web Service that would transfer the files but that seems cumbersome. If
that's the best way to do it, I'm OK with it. The problem could be though
that the files we transfer at the moment are small (< 1MB) but could in
the future get huge (we are talking about doing video.) So I'm looking for
a solution that can handle those files.

Currently I'm using WebClient which doesn't appear to have any security on
it.

Hope this is clear.

Thanks again for your help.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:OA*************@TK2MSFTNGP09.phx.gbl...
Sorry for making the same point again and again. Do you have a particular
requirement for keeping files in a subdirectory of your site or a virtual
directory?

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:eQ**************@TK2MSFTNGP10.phx.gbl...
I guess that's the problem. At the moment if you go to
www.fred.com/files/file1234.swf it will bring up the file. What I'm
looking to do instead is have the program ask the server for a file
somehow - but I'm looking for suggestions on how to do that. I would
assume it would be a web service that the program calls. But what's the
easiest way to transfer the file. Currently I'm using WebClient.

TIA - Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2***************@TK2MSFTNGP09.phx.gbl...
Why do you say the files are unprotected? If you keep them just in a
local
directory, not mapped as a virtual one and not a sub-directory of your
site,
no one can get to them from the web.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:eq**************@TK2MSFTNGP11.phx.gbl...
> The files are all on the same server as my ASP.Net application.
>
> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
> news:u6*************@TK2MSFTNGP11.phx.gbl...
> > Does your program on server in asp.net? If it does, are the files on
> > a
> > separate server?
> >
> > Eliyahu
> >
> > "UJ" <fr**@nowhere.com> wrote in message
> > news:uO*************@TK2MSFTNGP14.phx.gbl...
> >> Eliyahu,
> >> I'm not sure I understand you. That is essentilly what we already
> >> do.
The
> >> problem is when the program goes out to our server to get the file,
> >> the
> >> files are unprotected on our server. I guess the question becomes
> >> how
> >> should I protect the files on the server so the program and only
> >> the
> >> program can access them.
> >>
> >> Jeff.
> >>
> >> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
> >> news:%2****************@TK2MSFTNGP09.phx.gbl...
> >>> Jeff,
> >>>
> >>> Another solution is to have the users authenticated in the program
> >>> and
> >>> have the files sitting in a local directory that the program will
> >>> be
the
> >>> only way of getting to the files from outside.
> >>>
> >>> Eliyahu
> >>>
> >>> "UJ" <fr**@nowhere.com> wrote in message
> >>> news:uj**************@TK2MSFTNGP15.phx.gbl...
> >>>> Folks,
> >>>> We provide custom content for our customers. Currently we put the
files
> >>>> on our server and people have a program we provide that will
> >>>> download
> >>>> the files. These files are usually SWF, HTML or JPG files. The
problem
> >>>> as I see it - if you know the name of the file, you could
> >>>> download it
> >>>> off the server (currently we are using an HTTP/Get but I'm going
> >>>> to
be
> >>>> using WebClient in the new version.)
> >>>>
> >>>> If there any way to password protect the file so people can't
> >>>> just
> >>>> download them even if they know the file name?
> >>>>
> >>>> The solutions I've come up with are:
> >>>>
> >>>> 1. Store the file in the database as a blob and read it (but this
could
> >>>> get slow as we will eventually add video which could get really
> >>>> big -
> >>>> up to 100MB).
> >>>>
> >>>> 2. Write a web service that will transfer the file back that has
> >>>> a
> >>>> password on it.
> >>>>
> >>>> Any other suggestions?
> >>>>
> >>>> TIA - Jeff
> >>>>
> >>>>
> >>>
> >>>
> >>
> >>
> >
> >
>
>



Dec 20 '05 #11

P: n/a
UJ
Eliyahu,

Thanks for the info but I'm not sure how the page would return the file. Do
you mean have GetFiles.aspx would just load the file? What would I do on the
client end - a WebClient request with that as the URL?

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Jeff,

I would recommend keeping the files in a server's local directory, not on
a virtual one, and providing an asp.net page that would serve download
requests. Instead of using http Get command, make calls to
GetFiles.aspx?action=list for the list of files and
GetFiles.aspx?action=file&name=file1234.swf . GetFiles.aspx would get the
files from the local directory and stream them down to the clients. You
don't need any webservice for that.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:OC**************@TK2MSFTNGP12.phx.gbl...
Eliyahu,
First thanks for attempting to help me on this. Let me start over and
explain what I'm trying to accomplish and that may help.

I am working on a system where we display content my company creates. The
end user has a machine we provide them. Currently we generate a list of
files that then get downloaded to the machine via an HTTP Get command
(both the list of files plus the actual files to be downloaded). The
files are in a virtual directory on our server which you can connect to
directly through a browser interface (the original version of the
software, which I didn't write, went the net directly every time but if
your net connection was down nothing would display.) So currently the
program(s) get the list of files it needs to download, then it goes out
through an unsecured (although it is SSL) connection to a virtual
directory on our server.

My problem is, and maybe I'm making too much of this is if you know the
directory name on the machine, you can pretty quickly figure out our
naming convention and then just start grabbing the files yourself. This
of course is not what we want. We want people to pay for our service.

So my thought was trying to do something to protect the files on the
server. I realize I could make them not in a virtual directory and write
a Web Service that would transfer the files but that seems cumbersome. If
that's the best way to do it, I'm OK with it. The problem could be though
that the files we transfer at the moment are small (< 1MB) but could in
the future get huge (we are talking about doing video.) So I'm looking
for a solution that can handle those files.

Currently I'm using WebClient which doesn't appear to have any security
on it.

Hope this is clear.

Thanks again for your help.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:OA*************@TK2MSFTNGP09.phx.gbl...
Sorry for making the same point again and again. Do you have a
particular requirement for keeping files in a subdirectory of your site
or a virtual directory?

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:eQ**************@TK2MSFTNGP10.phx.gbl...
I guess that's the problem. At the moment if you go to
www.fred.com/files/file1234.swf it will bring up the file. What I'm
looking to do instead is have the program ask the server for a file
somehow - but I'm looking for suggestions on how to do that. I would
assume it would be a web service that the program calls. But what's the
easiest way to transfer the file. Currently I'm using WebClient.

TIA - Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2***************@TK2MSFTNGP09.phx.gbl...
> Why do you say the files are unprotected? If you keep them just in a
> local
> directory, not mapped as a virtual one and not a sub-directory of your
> site,
> no one can get to them from the web.
>
> Eliyahu
>
> "UJ" <fr**@nowhere.com> wrote in message
> news:eq**************@TK2MSFTNGP11.phx.gbl...
>> The files are all on the same server as my ASP.Net application.
>>
>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>> news:u6*************@TK2MSFTNGP11.phx.gbl...
>> > Does your program on server in asp.net? If it does, are the files
>> > on a
>> > separate server?
>> >
>> > Eliyahu
>> >
>> > "UJ" <fr**@nowhere.com> wrote in message
>> > news:uO*************@TK2MSFTNGP14.phx.gbl...
>> >> Eliyahu,
>> >> I'm not sure I understand you. That is essentilly what we already
>> >> do.
> The
>> >> problem is when the program goes out to our server to get the
>> >> file, the
>> >> files are unprotected on our server. I guess the question becomes
>> >> how
>> >> should I protect the files on the server so the program and only
>> >> the
>> >> program can access them.
>> >>
>> >> Jeff.
>> >>
>> >> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>> >> news:%2****************@TK2MSFTNGP09.phx.gbl...
>> >>> Jeff,
>> >>>
>> >>> Another solution is to have the users authenticated in the
>> >>> program and
>> >>> have the files sitting in a local directory that the program will
>> >>> be
> the
>> >>> only way of getting to the files from outside.
>> >>>
>> >>> Eliyahu
>> >>>
>> >>> "UJ" <fr**@nowhere.com> wrote in message
>> >>> news:uj**************@TK2MSFTNGP15.phx.gbl...
>> >>>> Folks,
>> >>>> We provide custom content for our customers. Currently we put
>> >>>> the
> files
>> >>>> on our server and people have a program we provide that will
>> >>>> download
>> >>>> the files. These files are usually SWF, HTML or JPG files. The
> problem
>> >>>> as I see it - if you know the name of the file, you could
>> >>>> download it
>> >>>> off the server (currently we are using an HTTP/Get but I'm going
>> >>>> to
> be
>> >>>> using WebClient in the new version.)
>> >>>>
>> >>>> If there any way to password protect the file so people can't
>> >>>> just
>> >>>> download them even if they know the file name?
>> >>>>
>> >>>> The solutions I've come up with are:
>> >>>>
>> >>>> 1. Store the file in the database as a blob and read it (but
>> >>>> this
> could
>> >>>> get slow as we will eventually add video which could get really
>> >>>> big -
>> >>>> up to 100MB).
>> >>>>
>> >>>> 2. Write a web service that will transfer the file back that has
>> >>>> a
>> >>>> password on it.
>> >>>>
>> >>>> Any other suggestions?
>> >>>>
>> >>>> TIA - Jeff
>> >>>>
>> >>>>
>> >>>
>> >>>
>> >>
>> >>
>> >
>> >
>>
>>
>
>



Dec 20 '05 #12

P: n/a
Any control that refers to an url can refer to
GetFiles.aspx?action=file&name=file1234.swf
Like <a href="GetFiles.aspx?action=file&name=file1234.swf" ...
or
<img src=GetFiles.aspx?action=file&name=file1234.gif...
The server code should take care of streaming the file with correct MIME
type.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Eliyahu,

Thanks for the info but I'm not sure how the page would return the file.
Do you mean have GetFiles.aspx would just load the file? What would I do
on the client end - a WebClient request with that as the URL?

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Jeff,

I would recommend keeping the files in a server's local directory, not on
a virtual one, and providing an asp.net page that would serve download
requests. Instead of using http Get command, make calls to
GetFiles.aspx?action=list for the list of files and
GetFiles.aspx?action=file&name=file1234.swf . GetFiles.aspx would get the
files from the local directory and stream them down to the clients. You
don't need any webservice for that.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:OC**************@TK2MSFTNGP12.phx.gbl...
Eliyahu,
First thanks for attempting to help me on this. Let me start over and
explain what I'm trying to accomplish and that may help.

I am working on a system where we display content my company creates.
The end user has a machine we provide them. Currently we generate a list
of files that then get downloaded to the machine via an HTTP Get command
(both the list of files plus the actual files to be downloaded). The
files are in a virtual directory on our server which you can connect to
directly through a browser interface (the original version of the
software, which I didn't write, went the net directly every time but if
your net connection was down nothing would display.) So currently the
program(s) get the list of files it needs to download, then it goes out
through an unsecured (although it is SSL) connection to a virtual
directory on our server.

My problem is, and maybe I'm making too much of this is if you know the
directory name on the machine, you can pretty quickly figure out our
naming convention and then just start grabbing the files yourself. This
of course is not what we want. We want people to pay for our service.

So my thought was trying to do something to protect the files on the
server. I realize I could make them not in a virtual directory and write
a Web Service that would transfer the files but that seems cumbersome.
If that's the best way to do it, I'm OK with it. The problem could be
though that the files we transfer at the moment are small (< 1MB) but
could in the future get huge (we are talking about doing video.) So I'm
looking for a solution that can handle those files.

Currently I'm using WebClient which doesn't appear to have any security
on it.

Hope this is clear.

Thanks again for your help.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:OA*************@TK2MSFTNGP09.phx.gbl...
Sorry for making the same point again and again. Do you have a
particular requirement for keeping files in a subdirectory of your site
or a virtual directory?

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:eQ**************@TK2MSFTNGP10.phx.gbl...
>I guess that's the problem. At the moment if you go to
>www.fred.com/files/file1234.swf it will bring up the file. What I'm
>looking to do instead is have the program ask the server for a file
>somehow - but I'm looking for suggestions on how to do that. I would
>assume it would be a web service that the program calls. But what's the
>easiest way to transfer the file. Currently I'm using WebClient.
>
> TIA - Jeff.
>
> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
> news:%2***************@TK2MSFTNGP09.phx.gbl...
>> Why do you say the files are unprotected? If you keep them just in a
>> local
>> directory, not mapped as a virtual one and not a sub-directory of
>> your site,
>> no one can get to them from the web.
>>
>> Eliyahu
>>
>> "UJ" <fr**@nowhere.com> wrote in message
>> news:eq**************@TK2MSFTNGP11.phx.gbl...
>>> The files are all on the same server as my ASP.Net application.
>>>
>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>>> news:u6*************@TK2MSFTNGP11.phx.gbl...
>>> > Does your program on server in asp.net? If it does, are the files
>>> > on a
>>> > separate server?
>>> >
>>> > Eliyahu
>>> >
>>> > "UJ" <fr**@nowhere.com> wrote in message
>>> > news:uO*************@TK2MSFTNGP14.phx.gbl...
>>> >> Eliyahu,
>>> >> I'm not sure I understand you. That is essentilly what we already
>>> >> do.
>> The
>>> >> problem is when the program goes out to our server to get the
>>> >> file, the
>>> >> files are unprotected on our server. I guess the question becomes
>>> >> how
>>> >> should I protect the files on the server so the program and only
>>> >> the
>>> >> program can access them.
>>> >>
>>> >> Jeff.
>>> >>
>>> >> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in
>>> >> message
>>> >> news:%2****************@TK2MSFTNGP09.phx.gbl...
>>> >>> Jeff,
>>> >>>
>>> >>> Another solution is to have the users authenticated in the
>>> >>> program and
>>> >>> have the files sitting in a local directory that the program
>>> >>> will be
>> the
>>> >>> only way of getting to the files from outside.
>>> >>>
>>> >>> Eliyahu
>>> >>>
>>> >>> "UJ" <fr**@nowhere.com> wrote in message
>>> >>> news:uj**************@TK2MSFTNGP15.phx.gbl...
>>> >>>> Folks,
>>> >>>> We provide custom content for our customers. Currently we put
>>> >>>> the
>> files
>>> >>>> on our server and people have a program we provide that will
>>> >>>> download
>>> >>>> the files. These files are usually SWF, HTML or JPG files. The
>> problem
>>> >>>> as I see it - if you know the name of the file, you could
>>> >>>> download it
>>> >>>> off the server (currently we are using an HTTP/Get but I'm
>>> >>>> going to
>> be
>>> >>>> using WebClient in the new version.)
>>> >>>>
>>> >>>> If there any way to password protect the file so people can't
>>> >>>> just
>>> >>>> download them even if they know the file name?
>>> >>>>
>>> >>>> The solutions I've come up with are:
>>> >>>>
>>> >>>> 1. Store the file in the database as a blob and read it (but
>>> >>>> this
>> could
>>> >>>> get slow as we will eventually add video which could get really
>>> >>>> big -
>>> >>>> up to 100MB).
>>> >>>>
>>> >>>> 2. Write a web service that will transfer the file back that
>>> >>>> has a
>>> >>>> password on it.
>>> >>>>
>>> >>>> Any other suggestions?
>>> >>>>
>>> >>>> TIA - Jeff
>>> >>>>
>>> >>>>
>>> >>>
>>> >>>
>>> >>
>>> >>
>>> >
>>> >
>>>
>>>
>>
>>
>
>



Dec 20 '05 #13

P: n/a
UJ
Great! I'll give it a try.

Thanks again for your help.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:uv*************@TK2MSFTNGP15.phx.gbl...
Any control that refers to an url can refer to
GetFiles.aspx?action=file&name=file1234.swf
Like <a href="GetFiles.aspx?action=file&name=file1234.swf" ...
or
<img src=GetFiles.aspx?action=file&name=file1234.gif...
The server code should take care of streaming the file with correct MIME
type.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Eliyahu,

Thanks for the info but I'm not sure how the page would return the file.
Do you mean have GetFiles.aspx would just load the file? What would I do
on the client end - a WebClient request with that as the URL?

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Jeff,

I would recommend keeping the files in a server's local directory, not
on a virtual one, and providing an asp.net page that would serve
download requests. Instead of using http Get command, make calls to
GetFiles.aspx?action=list for the list of files and
GetFiles.aspx?action=file&name=file1234.swf . GetFiles.aspx would get
the files from the local directory and stream them down to the clients.
You don't need any webservice for that.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:OC**************@TK2MSFTNGP12.phx.gbl...
Eliyahu,
First thanks for attempting to help me on this. Let me start over and
explain what I'm trying to accomplish and that may help.

I am working on a system where we display content my company creates.
The end user has a machine we provide them. Currently we generate a
list of files that then get downloaded to the machine via an HTTP Get
command (both the list of files plus the actual files to be
downloaded). The files are in a virtual directory on our server which
you can connect to directly through a browser interface (the original
version of the software, which I didn't write, went the net directly
every time but if your net connection was down nothing would display.)
So currently the program(s) get the list of files it needs to download,
then it goes out through an unsecured (although it is SSL) connection
to a virtual directory on our server.

My problem is, and maybe I'm making too much of this is if you know the
directory name on the machine, you can pretty quickly figure out our
naming convention and then just start grabbing the files yourself. This
of course is not what we want. We want people to pay for our service.

So my thought was trying to do something to protect the files on the
server. I realize I could make them not in a virtual directory and
write a Web Service that would transfer the files but that seems
cumbersome. If that's the best way to do it, I'm OK with it. The
problem could be though that the files we transfer at the moment are
small (< 1MB) but could in the future get huge (we are talking about
doing video.) So I'm looking for a solution that can handle those
files.

Currently I'm using WebClient which doesn't appear to have any security
on it.

Hope this is clear.

Thanks again for your help.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:OA*************@TK2MSFTNGP09.phx.gbl...
> Sorry for making the same point again and again. Do you have a
> particular requirement for keeping files in a subdirectory of your
> site or a virtual directory?
>
> Eliyahu
>
> "UJ" <fr**@nowhere.com> wrote in message
> news:eQ**************@TK2MSFTNGP10.phx.gbl...
>>I guess that's the problem. At the moment if you go to
>>www.fred.com/files/file1234.swf it will bring up the file. What I'm
>>looking to do instead is have the program ask the server for a file
>>somehow - but I'm looking for suggestions on how to do that. I would
>>assume it would be a web service that the program calls. But what's
>>the easiest way to transfer the file. Currently I'm using WebClient.
>>
>> TIA - Jeff.
>>
>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>> news:%2***************@TK2MSFTNGP09.phx.gbl...
>>> Why do you say the files are unprotected? If you keep them just in a
>>> local
>>> directory, not mapped as a virtual one and not a sub-directory of
>>> your site,
>>> no one can get to them from the web.
>>>
>>> Eliyahu
>>>
>>> "UJ" <fr**@nowhere.com> wrote in message
>>> news:eq**************@TK2MSFTNGP11.phx.gbl...
>>>> The files are all on the same server as my ASP.Net application.
>>>>
>>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>>>> news:u6*************@TK2MSFTNGP11.phx.gbl...
>>>> > Does your program on server in asp.net? If it does, are the files
>>>> > on a
>>>> > separate server?
>>>> >
>>>> > Eliyahu
>>>> >
>>>> > "UJ" <fr**@nowhere.com> wrote in message
>>>> > news:uO*************@TK2MSFTNGP14.phx.gbl...
>>>> >> Eliyahu,
>>>> >> I'm not sure I understand you. That is essentilly what we
>>>> >> already do.
>>> The
>>>> >> problem is when the program goes out to our server to get the
>>>> >> file, the
>>>> >> files are unprotected on our server. I guess the question
>>>> >> becomes how
>>>> >> should I protect the files on the server so the program and only
>>>> >> the
>>>> >> program can access them.
>>>> >>
>>>> >> Jeff.
>>>> >>
>>>> >> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in
>>>> >> message
>>>> >> news:%2****************@TK2MSFTNGP09.phx.gbl...
>>>> >>> Jeff,
>>>> >>>
>>>> >>> Another solution is to have the users authenticated in the
>>>> >>> program and
>>>> >>> have the files sitting in a local directory that the program
>>>> >>> will be
>>> the
>>>> >>> only way of getting to the files from outside.
>>>> >>>
>>>> >>> Eliyahu
>>>> >>>
>>>> >>> "UJ" <fr**@nowhere.com> wrote in message
>>>> >>> news:uj**************@TK2MSFTNGP15.phx.gbl...
>>>> >>>> Folks,
>>>> >>>> We provide custom content for our customers. Currently we put
>>>> >>>> the
>>> files
>>>> >>>> on our server and people have a program we provide that will
>>>> >>>> download
>>>> >>>> the files. These files are usually SWF, HTML or JPG files. The
>>> problem
>>>> >>>> as I see it - if you know the name of the file, you could
>>>> >>>> download it
>>>> >>>> off the server (currently we are using an HTTP/Get but I'm
>>>> >>>> going to
>>> be
>>>> >>>> using WebClient in the new version.)
>>>> >>>>
>>>> >>>> If there any way to password protect the file so people can't
>>>> >>>> just
>>>> >>>> download them even if they know the file name?
>>>> >>>>
>>>> >>>> The solutions I've come up with are:
>>>> >>>>
>>>> >>>> 1. Store the file in the database as a blob and read it (but
>>>> >>>> this
>>> could
>>>> >>>> get slow as we will eventually add video which could get
>>>> >>>> really big -
>>>> >>>> up to 100MB).
>>>> >>>>
>>>> >>>> 2. Write a web service that will transfer the file back that
>>>> >>>> has a
>>>> >>>> password on it.
>>>> >>>>
>>>> >>>> Any other suggestions?
>>>> >>>>
>>>> >>>> TIA - Jeff
>>>> >>>>
>>>> >>>>
>>>> >>>
>>>> >>>
>>>> >>
>>>> >>
>>>> >
>>>> >
>>>>
>>>>
>>>
>>>
>>
>>
>
>



Dec 20 '05 #14

P: n/a
UJ
Ok Eliyahu. Aparently I'm an Idiot. How do I download the file in the
GetFiles.aspx page? I tried a server.transfer and it didn't display
correctly (of course I tried it just in the browser not calling it from
another piece of code.)

Any suggestions?

Jeff. (You humble servant....)

"UJ" <fr**@nowhere.com> wrote in message
news:eG**************@TK2MSFTNGP09.phx.gbl...
Great! I'll give it a try.

Thanks again for your help.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:uv*************@TK2MSFTNGP15.phx.gbl...
Any control that refers to an url can refer to
GetFiles.aspx?action=file&name=file1234.swf
Like <a href="GetFiles.aspx?action=file&name=file1234.swf" ...
or
<img src=GetFiles.aspx?action=file&name=file1234.gif...
The server code should take care of streaming the file with correct MIME
type.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Eliyahu,

Thanks for the info but I'm not sure how the page would return the file.
Do you mean have GetFiles.aspx would just load the file? What would I do
on the client end - a WebClient request with that as the URL?

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Jeff,

I would recommend keeping the files in a server's local directory, not
on a virtual one, and providing an asp.net page that would serve
download requests. Instead of using http Get command, make calls to
GetFiles.aspx?action=list for the list of files and
GetFiles.aspx?action=file&name=file1234.swf . GetFiles.aspx would get
the files from the local directory and stream them down to the clients.
You don't need any webservice for that.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:OC**************@TK2MSFTNGP12.phx.gbl...
> Eliyahu,
> First thanks for attempting to help me on this. Let me start over and
> explain what I'm trying to accomplish and that may help.
>
> I am working on a system where we display content my company creates.
> The end user has a machine we provide them. Currently we generate a
> list of files that then get downloaded to the machine via an HTTP Get
> command (both the list of files plus the actual files to be
> downloaded). The files are in a virtual directory on our server which
> you can connect to directly through a browser interface (the original
> version of the software, which I didn't write, went the net directly
> every time but if your net connection was down nothing would display.)
> So currently the program(s) get the list of files it needs to
> download, then it goes out through an unsecured (although it is SSL)
> connection to a virtual directory on our server.
>
> My problem is, and maybe I'm making too much of this is if you know
> the directory name on the machine, you can pretty quickly figure out
> our naming convention and then just start grabbing the files yourself.
> This of course is not what we want. We want people to pay for our
> service.
>
> So my thought was trying to do something to protect the files on the
> server. I realize I could make them not in a virtual directory and
> write a Web Service that would transfer the files but that seems
> cumbersome. If that's the best way to do it, I'm OK with it. The
> problem could be though that the files we transfer at the moment are
> small (< 1MB) but could in the future get huge (we are talking about
> doing video.) So I'm looking for a solution that can handle those
> files.
>
> Currently I'm using WebClient which doesn't appear to have any
> security on it.
>
> Hope this is clear.
>
> Thanks again for your help.
>
> Jeff.
>
> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
> news:OA*************@TK2MSFTNGP09.phx.gbl...
>> Sorry for making the same point again and again. Do you have a
>> particular requirement for keeping files in a subdirectory of your
>> site or a virtual directory?
>>
>> Eliyahu
>>
>> "UJ" <fr**@nowhere.com> wrote in message
>> news:eQ**************@TK2MSFTNGP10.phx.gbl...
>>>I guess that's the problem. At the moment if you go to
>>>www.fred.com/files/file1234.swf it will bring up the file. What I'm
>>>looking to do instead is have the program ask the server for a file
>>>somehow - but I'm looking for suggestions on how to do that. I would
>>>assume it would be a web service that the program calls. But what's
>>>the easiest way to transfer the file. Currently I'm using WebClient.
>>>
>>> TIA - Jeff.
>>>
>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>>> news:%2***************@TK2MSFTNGP09.phx.gbl...
>>>> Why do you say the files are unprotected? If you keep them just in
>>>> a local
>>>> directory, not mapped as a virtual one and not a sub-directory of
>>>> your site,
>>>> no one can get to them from the web.
>>>>
>>>> Eliyahu
>>>>
>>>> "UJ" <fr**@nowhere.com> wrote in message
>>>> news:eq**************@TK2MSFTNGP11.phx.gbl...
>>>>> The files are all on the same server as my ASP.Net application.
>>>>>
>>>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>>>>> news:u6*************@TK2MSFTNGP11.phx.gbl...
>>>>> > Does your program on server in asp.net? If it does, are the
>>>>> > files on a
>>>>> > separate server?
>>>>> >
>>>>> > Eliyahu
>>>>> >
>>>>> > "UJ" <fr**@nowhere.com> wrote in message
>>>>> > news:uO*************@TK2MSFTNGP14.phx.gbl...
>>>>> >> Eliyahu,
>>>>> >> I'm not sure I understand you. That is essentilly what we
>>>>> >> already do.
>>>> The
>>>>> >> problem is when the program goes out to our server to get the
>>>>> >> file, the
>>>>> >> files are unprotected on our server. I guess the question
>>>>> >> becomes how
>>>>> >> should I protect the files on the server so the program and
>>>>> >> only the
>>>>> >> program can access them.
>>>>> >>
>>>>> >> Jeff.
>>>>> >>
>>>>> >> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in
>>>>> >> message
>>>>> >> news:%2****************@TK2MSFTNGP09.phx.gbl...
>>>>> >>> Jeff,
>>>>> >>>
>>>>> >>> Another solution is to have the users authenticated in the
>>>>> >>> program and
>>>>> >>> have the files sitting in a local directory that the program
>>>>> >>> will be
>>>> the
>>>>> >>> only way of getting to the files from outside.
>>>>> >>>
>>>>> >>> Eliyahu
>>>>> >>>
>>>>> >>> "UJ" <fr**@nowhere.com> wrote in message
>>>>> >>> news:uj**************@TK2MSFTNGP15.phx.gbl...
>>>>> >>>> Folks,
>>>>> >>>> We provide custom content for our customers. Currently we put
>>>>> >>>> the
>>>> files
>>>>> >>>> on our server and people have a program we provide that will
>>>>> >>>> download
>>>>> >>>> the files. These files are usually SWF, HTML or JPG files.
>>>>> >>>> The
>>>> problem
>>>>> >>>> as I see it - if you know the name of the file, you could
>>>>> >>>> download it
>>>>> >>>> off the server (currently we are using an HTTP/Get but I'm
>>>>> >>>> going to
>>>> be
>>>>> >>>> using WebClient in the new version.)
>>>>> >>>>
>>>>> >>>> If there any way to password protect the file so people can't
>>>>> >>>> just
>>>>> >>>> download them even if they know the file name?
>>>>> >>>>
>>>>> >>>> The solutions I've come up with are:
>>>>> >>>>
>>>>> >>>> 1. Store the file in the database as a blob and read it (but
>>>>> >>>> this
>>>> could
>>>>> >>>> get slow as we will eventually add video which could get
>>>>> >>>> really big -
>>>>> >>>> up to 100MB).
>>>>> >>>>
>>>>> >>>> 2. Write a web service that will transfer the file back that
>>>>> >>>> has a
>>>>> >>>> password on it.
>>>>> >>>>
>>>>> >>>> Any other suggestions?
>>>>> >>>>
>>>>> >>>> TIA - Jeff
>>>>> >>>>
>>>>> >>>>
>>>>> >>>
>>>>> >>>
>>>>> >>
>>>>> >>
>>>>> >
>>>>> >
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>



Dec 20 '05 #15

P: n/a
UJ
Eliyahu,
Thanks anyway. I got it to work!

Jeff.

"UJ" <fr**@nowhere.com> wrote in message
news:ui*************@TK2MSFTNGP09.phx.gbl...
Ok Eliyahu. Aparently I'm an Idiot. How do I download the file in the
GetFiles.aspx page? I tried a server.transfer and it didn't display
correctly (of course I tried it just in the browser not calling it from
another piece of code.)

Any suggestions?

Jeff. (You humble servant....)

"UJ" <fr**@nowhere.com> wrote in message
news:eG**************@TK2MSFTNGP09.phx.gbl...
Great! I'll give it a try.

Thanks again for your help.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:uv*************@TK2MSFTNGP15.phx.gbl...
Any control that refers to an url can refer to
GetFiles.aspx?action=file&name=file1234.swf
Like <a href="GetFiles.aspx?action=file&name=file1234.swf" ...
or
<img src=GetFiles.aspx?action=file&name=file1234.gif...
The server code should take care of streaming the file with correct MIME
type.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Eliyahu,

Thanks for the info but I'm not sure how the page would return the
file. Do you mean have GetFiles.aspx would just load the file? What
would I do on the client end - a WebClient request with that as the
URL?

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
> Jeff,
>
> I would recommend keeping the files in a server's local directory, not
> on a virtual one, and providing an asp.net page that would serve
> download requests. Instead of using http Get command, make calls to
> GetFiles.aspx?action=list for the list of files and
> GetFiles.aspx?action=file&name=file1234.swf . GetFiles.aspx would get
> the files from the local directory and stream them down to the
> clients. You don't need any webservice for that.
>
> Eliyahu
>
> "UJ" <fr**@nowhere.com> wrote in message
> news:OC**************@TK2MSFTNGP12.phx.gbl...
>> Eliyahu,
>> First thanks for attempting to help me on this. Let me start over and
>> explain what I'm trying to accomplish and that may help.
>>
>> I am working on a system where we display content my company creates.
>> The end user has a machine we provide them. Currently we generate a
>> list of files that then get downloaded to the machine via an HTTP Get
>> command (both the list of files plus the actual files to be
>> downloaded). The files are in a virtual directory on our server which
>> you can connect to directly through a browser interface (the original
>> version of the software, which I didn't write, went the net directly
>> every time but if your net connection was down nothing would
>> display.) So currently the program(s) get the list of files it needs
>> to download, then it goes out through an unsecured (although it is
>> SSL) connection to a virtual directory on our server.
>>
>> My problem is, and maybe I'm making too much of this is if you know
>> the directory name on the machine, you can pretty quickly figure out
>> our naming convention and then just start grabbing the files
>> yourself. This of course is not what we want. We want people to pay
>> for our service.
>>
>> So my thought was trying to do something to protect the files on the
>> server. I realize I could make them not in a virtual directory and
>> write a Web Service that would transfer the files but that seems
>> cumbersome. If that's the best way to do it, I'm OK with it. The
>> problem could be though that the files we transfer at the moment are
>> small (< 1MB) but could in the future get huge (we are talking about
>> doing video.) So I'm looking for a solution that can handle those
>> files.
>>
>> Currently I'm using WebClient which doesn't appear to have any
>> security on it.
>>
>> Hope this is clear.
>>
>> Thanks again for your help.
>>
>> Jeff.
>>
>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>> news:OA*************@TK2MSFTNGP09.phx.gbl...
>>> Sorry for making the same point again and again. Do you have a
>>> particular requirement for keeping files in a subdirectory of your
>>> site or a virtual directory?
>>>
>>> Eliyahu
>>>
>>> "UJ" <fr**@nowhere.com> wrote in message
>>> news:eQ**************@TK2MSFTNGP10.phx.gbl...
>>>>I guess that's the problem. At the moment if you go to
>>>>www.fred.com/files/file1234.swf it will bring up the file. What I'm
>>>>looking to do instead is have the program ask the server for a file
>>>>somehow - but I'm looking for suggestions on how to do that. I would
>>>>assume it would be a web service that the program calls. But what's
>>>>the easiest way to transfer the file. Currently I'm using WebClient.
>>>>
>>>> TIA - Jeff.
>>>>
>>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>>>> news:%2***************@TK2MSFTNGP09.phx.gbl...
>>>>> Why do you say the files are unprotected? If you keep them just in
>>>>> a local
>>>>> directory, not mapped as a virtual one and not a sub-directory of
>>>>> your site,
>>>>> no one can get to them from the web.
>>>>>
>>>>> Eliyahu
>>>>>
>>>>> "UJ" <fr**@nowhere.com> wrote in message
>>>>> news:eq**************@TK2MSFTNGP11.phx.gbl...
>>>>>> The files are all on the same server as my ASP.Net application.
>>>>>>
>>>>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in
>>>>>> message
>>>>>> news:u6*************@TK2MSFTNGP11.phx.gbl...
>>>>>> > Does your program on server in asp.net? If it does, are the
>>>>>> > files on a
>>>>>> > separate server?
>>>>>> >
>>>>>> > Eliyahu
>>>>>> >
>>>>>> > "UJ" <fr**@nowhere.com> wrote in message
>>>>>> > news:uO*************@TK2MSFTNGP14.phx.gbl...
>>>>>> >> Eliyahu,
>>>>>> >> I'm not sure I understand you. That is essentilly what we
>>>>>> >> already do.
>>>>> The
>>>>>> >> problem is when the program goes out to our server to get the
>>>>>> >> file, the
>>>>>> >> files are unprotected on our server. I guess the question
>>>>>> >> becomes how
>>>>>> >> should I protect the files on the server so the program and
>>>>>> >> only the
>>>>>> >> program can access them.
>>>>>> >>
>>>>>> >> Jeff.
>>>>>> >>
>>>>>> >> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in
>>>>>> >> message
>>>>>> >> news:%2****************@TK2MSFTNGP09.phx.gbl...
>>>>>> >>> Jeff,
>>>>>> >>>
>>>>>> >>> Another solution is to have the users authenticated in the
>>>>>> >>> program and
>>>>>> >>> have the files sitting in a local directory that the program
>>>>>> >>> will be
>>>>> the
>>>>>> >>> only way of getting to the files from outside.
>>>>>> >>>
>>>>>> >>> Eliyahu
>>>>>> >>>
>>>>>> >>> "UJ" <fr**@nowhere.com> wrote in message
>>>>>> >>> news:uj**************@TK2MSFTNGP15.phx.gbl...
>>>>>> >>>> Folks,
>>>>>> >>>> We provide custom content for our customers. Currently we
>>>>>> >>>> put the
>>>>> files
>>>>>> >>>> on our server and people have a program we provide that will
>>>>>> >>>> download
>>>>>> >>>> the files. These files are usually SWF, HTML or JPG files.
>>>>>> >>>> The
>>>>> problem
>>>>>> >>>> as I see it - if you know the name of the file, you could
>>>>>> >>>> download it
>>>>>> >>>> off the server (currently we are using an HTTP/Get but I'm
>>>>>> >>>> going to
>>>>> be
>>>>>> >>>> using WebClient in the new version.)
>>>>>> >>>>
>>>>>> >>>> If there any way to password protect the file so people
>>>>>> >>>> can't just
>>>>>> >>>> download them even if they know the file name?
>>>>>> >>>>
>>>>>> >>>> The solutions I've come up with are:
>>>>>> >>>>
>>>>>> >>>> 1. Store the file in the database as a blob and read it (but
>>>>>> >>>> this
>>>>> could
>>>>>> >>>> get slow as we will eventually add video which could get
>>>>>> >>>> really big -
>>>>>> >>>> up to 100MB).
>>>>>> >>>>
>>>>>> >>>> 2. Write a web service that will transfer the file back that
>>>>>> >>>> has a
>>>>>> >>>> password on it.
>>>>>> >>>>
>>>>>> >>>> Any other suggestions?
>>>>>> >>>>
>>>>>> >>>> TIA - Jeff
>>>>>> >>>>
>>>>>> >>>>
>>>>>> >>>
>>>>>> >>>
>>>>>> >>
>>>>>> >>
>>>>>> >
>>>>>> >
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>



Dec 20 '05 #16

P: n/a
UJ
Eliyahu,
I spoke to fast. When I tried it I was pointing to a file in a virtual
directory. How to I getfiles.aspx return the file? I tried server.transfer
and that didn't work.

Thanks again.

Jeff.

"UJ" <fr**@nowhere.com> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
Eliyahu,
Thanks anyway. I got it to work!

Jeff.

"UJ" <fr**@nowhere.com> wrote in message
news:ui*************@TK2MSFTNGP09.phx.gbl...
Ok Eliyahu. Aparently I'm an Idiot. How do I download the file in the
GetFiles.aspx page? I tried a server.transfer and it didn't display
correctly (of course I tried it just in the browser not calling it from
another piece of code.)

Any suggestions?

Jeff. (You humble servant....)

"UJ" <fr**@nowhere.com> wrote in message
news:eG**************@TK2MSFTNGP09.phx.gbl...
Great! I'll give it a try.

Thanks again for your help.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:uv*************@TK2MSFTNGP15.phx.gbl...
Any control that refers to an url can refer to
GetFiles.aspx?action=file&name=file1234.swf
Like <a href="GetFiles.aspx?action=file&name=file1234.swf" ...
or
<img src=GetFiles.aspx?action=file&name=file1234.gif...
The server code should take care of streaming the file with correct
MIME type.

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
> Eliyahu,
>
> Thanks for the info but I'm not sure how the page would return the
> file. Do you mean have GetFiles.aspx would just load the file? What
> would I do on the client end - a WebClient request with that as the
> URL?
>
> Jeff.
>
> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
> news:%2****************@TK2MSFTNGP10.phx.gbl...
>> Jeff,
>>
>> I would recommend keeping the files in a server's local directory,
>> not on a virtual one, and providing an asp.net page that would serve
>> download requests. Instead of using http Get command, make calls to
>> GetFiles.aspx?action=list for the list of files and
>> GetFiles.aspx?action=file&name=file1234.swf . GetFiles.aspx would get
>> the files from the local directory and stream them down to the
>> clients. You don't need any webservice for that.
>>
>> Eliyahu
>>
>> "UJ" <fr**@nowhere.com> wrote in message
>> news:OC**************@TK2MSFTNGP12.phx.gbl...
>>> Eliyahu,
>>> First thanks for attempting to help me on this. Let me start over
>>> and explain what I'm trying to accomplish and that may help.
>>>
>>> I am working on a system where we display content my company
>>> creates. The end user has a machine we provide them. Currently we
>>> generate a list of files that then get downloaded to the machine via
>>> an HTTP Get command (both the list of files plus the actual files to
>>> be downloaded). The files are in a virtual directory on our server
>>> which you can connect to directly through a browser interface (the
>>> original version of the software, which I didn't write, went the net
>>> directly every time but if your net connection was down nothing
>>> would display.) So currently the program(s) get the list of files it
>>> needs to download, then it goes out through an unsecured (although
>>> it is SSL) connection to a virtual directory on our server.
>>>
>>> My problem is, and maybe I'm making too much of this is if you know
>>> the directory name on the machine, you can pretty quickly figure out
>>> our naming convention and then just start grabbing the files
>>> yourself. This of course is not what we want. We want people to pay
>>> for our service.
>>>
>>> So my thought was trying to do something to protect the files on the
>>> server. I realize I could make them not in a virtual directory and
>>> write a Web Service that would transfer the files but that seems
>>> cumbersome. If that's the best way to do it, I'm OK with it. The
>>> problem could be though that the files we transfer at the moment are
>>> small (< 1MB) but could in the future get huge (we are talking about
>>> doing video.) So I'm looking for a solution that can handle those
>>> files.
>>>
>>> Currently I'm using WebClient which doesn't appear to have any
>>> security on it.
>>>
>>> Hope this is clear.
>>>
>>> Thanks again for your help.
>>>
>>> Jeff.
>>>
>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>>> news:OA*************@TK2MSFTNGP09.phx.gbl...
>>>> Sorry for making the same point again and again. Do you have a
>>>> particular requirement for keeping files in a subdirectory of your
>>>> site or a virtual directory?
>>>>
>>>> Eliyahu
>>>>
>>>> "UJ" <fr**@nowhere.com> wrote in message
>>>> news:eQ**************@TK2MSFTNGP10.phx.gbl...
>>>>>I guess that's the problem. At the moment if you go to
>>>>>www.fred.com/files/file1234.swf it will bring up the file. What I'm
>>>>>looking to do instead is have the program ask the server for a file
>>>>>somehow - but I'm looking for suggestions on how to do that. I
>>>>>would assume it would be a web service that the program calls. But
>>>>>what's the easiest way to transfer the file. Currently I'm using
>>>>>WebClient.
>>>>>
>>>>> TIA - Jeff.
>>>>>
>>>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>>>>> news:%2***************@TK2MSFTNGP09.phx.gbl...
>>>>>> Why do you say the files are unprotected? If you keep them just
>>>>>> in a local
>>>>>> directory, not mapped as a virtual one and not a sub-directory of
>>>>>> your site,
>>>>>> no one can get to them from the web.
>>>>>>
>>>>>> Eliyahu
>>>>>>
>>>>>> "UJ" <fr**@nowhere.com> wrote in message
>>>>>> news:eq**************@TK2MSFTNGP11.phx.gbl...
>>>>>>> The files are all on the same server as my ASP.Net application.
>>>>>>>
>>>>>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in
>>>>>>> message
>>>>>>> news:u6*************@TK2MSFTNGP11.phx.gbl...
>>>>>>> > Does your program on server in asp.net? If it does, are the
>>>>>>> > files on a
>>>>>>> > separate server?
>>>>>>> >
>>>>>>> > Eliyahu
>>>>>>> >
>>>>>>> > "UJ" <fr**@nowhere.com> wrote in message
>>>>>>> > news:uO*************@TK2MSFTNGP14.phx.gbl...
>>>>>>> >> Eliyahu,
>>>>>>> >> I'm not sure I understand you. That is essentilly what we
>>>>>>> >> already do.
>>>>>> The
>>>>>>> >> problem is when the program goes out to our server to get the
>>>>>>> >> file, the
>>>>>>> >> files are unprotected on our server. I guess the question
>>>>>>> >> becomes how
>>>>>>> >> should I protect the files on the server so the program and
>>>>>>> >> only the
>>>>>>> >> program can access them.
>>>>>>> >>
>>>>>>> >> Jeff.
>>>>>>> >>
>>>>>>> >> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in
>>>>>>> >> message
>>>>>>> >> news:%2****************@TK2MSFTNGP09.phx.gbl...
>>>>>>> >>> Jeff,
>>>>>>> >>>
>>>>>>> >>> Another solution is to have the users authenticated in the
>>>>>>> >>> program and
>>>>>>> >>> have the files sitting in a local directory that the program
>>>>>>> >>> will be
>>>>>> the
>>>>>>> >>> only way of getting to the files from outside.
>>>>>>> >>>
>>>>>>> >>> Eliyahu
>>>>>>> >>>
>>>>>>> >>> "UJ" <fr**@nowhere.com> wrote in message
>>>>>>> >>> news:uj**************@TK2MSFTNGP15.phx.gbl...
>>>>>>> >>>> Folks,
>>>>>>> >>>> We provide custom content for our customers. Currently we
>>>>>>> >>>> put the
>>>>>> files
>>>>>>> >>>> on our server and people have a program we provide that
>>>>>>> >>>> will download
>>>>>>> >>>> the files. These files are usually SWF, HTML or JPG files.
>>>>>>> >>>> The
>>>>>> problem
>>>>>>> >>>> as I see it - if you know the name of the file, you could
>>>>>>> >>>> download it
>>>>>>> >>>> off the server (currently we are using an HTTP/Get but I'm
>>>>>>> >>>> going to
>>>>>> be
>>>>>>> >>>> using WebClient in the new version.)
>>>>>>> >>>>
>>>>>>> >>>> If there any way to password protect the file so people
>>>>>>> >>>> can't just
>>>>>>> >>>> download them even if they know the file name?
>>>>>>> >>>>
>>>>>>> >>>> The solutions I've come up with are:
>>>>>>> >>>>
>>>>>>> >>>> 1. Store the file in the database as a blob and read it
>>>>>>> >>>> (but this
>>>>>> could
>>>>>>> >>>> get slow as we will eventually add video which could get
>>>>>>> >>>> really big -
>>>>>>> >>>> up to 100MB).
>>>>>>> >>>>
>>>>>>> >>>> 2. Write a web service that will transfer the file back
>>>>>>> >>>> that has a
>>>>>>> >>>> password on it.
>>>>>>> >>>>
>>>>>>> >>>> Any other suggestions?
>>>>>>> >>>>
>>>>>>> >>>> TIA - Jeff
>>>>>>> >>>>
>>>>>>> >>>>
>>>>>>> >>>
>>>>>>> >>>
>>>>>>> >>
>>>>>>> >>
>>>>>>> >
>>>>>>> >
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>



Dec 20 '05 #17

P: n/a
Jeff,

In this example I get a picture from a database and send it down to the
client.

protected void Page_Load(object sender, System.EventArgs e)
{
// get image type and id
int imageType = System.Convert.ToInt32
(this.Request.Params["type"]);
string imageId = this.Request.Params["id"];

string sql; // query to get image field
System.Data.SqlTypes.SqlBinary image; // image from database

// make query to get image
switch (imageType)
{
case 1: // patient photo
sql = String.Format ("SELECT patient_photo FROM
dem_patient WHERE patient_id = {0}", imageId);
break;
default:
sql = String.Empty;
break;
}

if (sql != String.Empty)
{
// get image from database
MMI.DataAccess.DbAccess dba = new MMI.DataAccess.DbAccess
();
try
{
System.Data.SqlClient.SqlDataReader reader =
dba.RunSelect (sql);
reader.Read ();
image = reader.GetSqlBinary(0);
reader.Close ();
}
finally
{
dba.Dispose ();
}

if (!image.IsNull)
{
// stream image down to client
this.Response.ContentType = "image/gif";
this.Response.BinaryWrite (image.Value);
}
}
}

Eliyahu

"UJ" <fr**@nowhere.com> wrote in message
news:uo**************@TK2MSFTNGP09.phx.gbl...
Eliyahu,
I spoke to fast. When I tried it I was pointing to a file in a virtual
directory. How to I getfiles.aspx return the file? I tried server.transfer
and that didn't work.

Thanks again.

Jeff.

"UJ" <fr**@nowhere.com> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
Eliyahu,
Thanks anyway. I got it to work!

Jeff.

"UJ" <fr**@nowhere.com> wrote in message
news:ui*************@TK2MSFTNGP09.phx.gbl...
Ok Eliyahu. Aparently I'm an Idiot. How do I download the file in the
GetFiles.aspx page? I tried a server.transfer and it didn't display
correctly (of course I tried it just in the browser not calling it from
another piece of code.)

Any suggestions?

Jeff. (You humble servant....)

"UJ" <fr**@nowhere.com> wrote in message
news:eG**************@TK2MSFTNGP09.phx.gbl...
Great! I'll give it a try.

Thanks again for your help.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:uv*************@TK2MSFTNGP15.phx.gbl...
> Any control that refers to an url can refer to
> GetFiles.aspx?action=file&name=file1234.swf
> Like <a href="GetFiles.aspx?action=file&name=file1234.swf" ...
> or
> <img src=GetFiles.aspx?action=file&name=file1234.gif...
> The server code should take care of streaming the file with correct
> MIME type.
>
> Eliyahu
>
> "UJ" <fr**@nowhere.com> wrote in message
> news:%2****************@TK2MSFTNGP09.phx.gbl...
>> Eliyahu,
>>
>> Thanks for the info but I'm not sure how the page would return the
>> file. Do you mean have GetFiles.aspx would just load the file? What
>> would I do on the client end - a WebClient request with that as the
>> URL?
>>
>> Jeff.
>>
>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>> news:%2****************@TK2MSFTNGP10.phx.gbl...
>>> Jeff,
>>>
>>> I would recommend keeping the files in a server's local directory,
>>> not on a virtual one, and providing an asp.net page that would serve
>>> download requests. Instead of using http Get command, make calls to
>>> GetFiles.aspx?action=list for the list of files and
>>> GetFiles.aspx?action=file&name=file1234.swf . GetFiles.aspx would
>>> get the files from the local directory and stream them down to the
>>> clients. You don't need any webservice for that.
>>>
>>> Eliyahu
>>>
>>> "UJ" <fr**@nowhere.com> wrote in message
>>> news:OC**************@TK2MSFTNGP12.phx.gbl...
>>>> Eliyahu,
>>>> First thanks for attempting to help me on this. Let me start over
>>>> and explain what I'm trying to accomplish and that may help.
>>>>
>>>> I am working on a system where we display content my company
>>>> creates. The end user has a machine we provide them. Currently we
>>>> generate a list of files that then get downloaded to the machine
>>>> via an HTTP Get command (both the list of files plus the actual
>>>> files to be downloaded). The files are in a virtual directory on
>>>> our server which you can connect to directly through a browser
>>>> interface (the original version of the software, which I didn't
>>>> write, went the net directly every time but if your net connection
>>>> was down nothing would display.) So currently the program(s) get
>>>> the list of files it needs to download, then it goes out through an
>>>> unsecured (although it is SSL) connection to a virtual directory on
>>>> our server.
>>>>
>>>> My problem is, and maybe I'm making too much of this is if you know
>>>> the directory name on the machine, you can pretty quickly figure
>>>> out our naming convention and then just start grabbing the files
>>>> yourself. This of course is not what we want. We want people to pay
>>>> for our service.
>>>>
>>>> So my thought was trying to do something to protect the files on
>>>> the server. I realize I could make them not in a virtual directory
>>>> and write a Web Service that would transfer the files but that
>>>> seems cumbersome. If that's the best way to do it, I'm OK with it.
>>>> The problem could be though that the files we transfer at the
>>>> moment are small (< 1MB) but could in the future get huge (we are
>>>> talking about doing video.) So I'm looking for a solution that can
>>>> handle those files.
>>>>
>>>> Currently I'm using WebClient which doesn't appear to have any
>>>> security on it.
>>>>
>>>> Hope this is clear.
>>>>
>>>> Thanks again for your help.
>>>>
>>>> Jeff.
>>>>
>>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>>>> news:OA*************@TK2MSFTNGP09.phx.gbl...
>>>>> Sorry for making the same point again and again. Do you have a
>>>>> particular requirement for keeping files in a subdirectory of your
>>>>> site or a virtual directory?
>>>>>
>>>>> Eliyahu
>>>>>
>>>>> "UJ" <fr**@nowhere.com> wrote in message
>>>>> news:eQ**************@TK2MSFTNGP10.phx.gbl...
>>>>>>I guess that's the problem. At the moment if you go to
>>>>>>www.fred.com/files/file1234.swf it will bring up the file. What
>>>>>>I'm looking to do instead is have the program ask the server for a
>>>>>>file somehow - but I'm looking for suggestions on how to do that.
>>>>>>I would assume it would be a web service that the program calls.
>>>>>>But what's the easiest way to transfer the file. Currently I'm
>>>>>>using WebClient.
>>>>>>
>>>>>> TIA - Jeff.
>>>>>>
>>>>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in
>>>>>> message news:%2***************@TK2MSFTNGP09.phx.gbl...
>>>>>>> Why do you say the files are unprotected? If you keep them just
>>>>>>> in a local
>>>>>>> directory, not mapped as a virtual one and not a sub-directory
>>>>>>> of your site,
>>>>>>> no one can get to them from the web.
>>>>>>>
>>>>>>> Eliyahu
>>>>>>>
>>>>>>> "UJ" <fr**@nowhere.com> wrote in message
>>>>>>> news:eq**************@TK2MSFTNGP11.phx.gbl...
>>>>>>>> The files are all on the same server as my ASP.Net application.
>>>>>>>>
>>>>>>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in
>>>>>>>> message
>>>>>>>> news:u6*************@TK2MSFTNGP11.phx.gbl...
>>>>>>>> > Does your program on server in asp.net? If it does, are the
>>>>>>>> > files on a
>>>>>>>> > separate server?
>>>>>>>> >
>>>>>>>> > Eliyahu
>>>>>>>> >
>>>>>>>> > "UJ" <fr**@nowhere.com> wrote in message
>>>>>>>> > news:uO*************@TK2MSFTNGP14.phx.gbl...
>>>>>>>> >> Eliyahu,
>>>>>>>> >> I'm not sure I understand you. That is essentilly what we
>>>>>>>> >> already do.
>>>>>>> The
>>>>>>>> >> problem is when the program goes out to our server to get
>>>>>>>> >> the file, the
>>>>>>>> >> files are unprotected on our server. I guess the question
>>>>>>>> >> becomes how
>>>>>>>> >> should I protect the files on the server so the program and
>>>>>>>> >> only the
>>>>>>>> >> program can access them.
>>>>>>>> >>
>>>>>>>> >> Jeff.
>>>>>>>> >>
>>>>>>>> >> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in
>>>>>>>> >> message
>>>>>>>> >> news:%2****************@TK2MSFTNGP09.phx.gbl...
>>>>>>>> >>> Jeff,
>>>>>>>> >>>
>>>>>>>> >>> Another solution is to have the users authenticated in the
>>>>>>>> >>> program and
>>>>>>>> >>> have the files sitting in a local directory that the
>>>>>>>> >>> program will be
>>>>>>> the
>>>>>>>> >>> only way of getting to the files from outside.
>>>>>>>> >>>
>>>>>>>> >>> Eliyahu
>>>>>>>> >>>
>>>>>>>> >>> "UJ" <fr**@nowhere.com> wrote in message
>>>>>>>> >>> news:uj**************@TK2MSFTNGP15.phx.gbl...
>>>>>>>> >>>> Folks,
>>>>>>>> >>>> We provide custom content for our customers. Currently we
>>>>>>>> >>>> put the
>>>>>>> files
>>>>>>>> >>>> on our server and people have a program we provide that
>>>>>>>> >>>> will download
>>>>>>>> >>>> the files. These files are usually SWF, HTML or JPG files.
>>>>>>>> >>>> The
>>>>>>> problem
>>>>>>>> >>>> as I see it - if you know the name of the file, you could
>>>>>>>> >>>> download it
>>>>>>>> >>>> off the server (currently we are using an HTTP/Get but I'm
>>>>>>>> >>>> going to
>>>>>>> be
>>>>>>>> >>>> using WebClient in the new version.)
>>>>>>>> >>>>
>>>>>>>> >>>> If there any way to password protect the file so people
>>>>>>>> >>>> can't just
>>>>>>>> >>>> download them even if they know the file name?
>>>>>>>> >>>>
>>>>>>>> >>>> The solutions I've come up with are:
>>>>>>>> >>>>
>>>>>>>> >>>> 1. Store the file in the database as a blob and read it
>>>>>>>> >>>> (but this
>>>>>>> could
>>>>>>>> >>>> get slow as we will eventually add video which could get
>>>>>>>> >>>> really big -
>>>>>>>> >>>> up to 100MB).
>>>>>>>> >>>>
>>>>>>>> >>>> 2. Write a web service that will transfer the file back
>>>>>>>> >>>> that has a
>>>>>>>> >>>> password on it.
>>>>>>>> >>>>
>>>>>>>> >>>> Any other suggestions?
>>>>>>>> >>>>
>>>>>>>> >>>> TIA - Jeff
>>>>>>>> >>>>
>>>>>>>> >>>>
>>>>>>>> >>>
>>>>>>>> >>>
>>>>>>>> >>
>>>>>>>> >>
>>>>>>>> >
>>>>>>>> >
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>



Dec 21 '05 #18

P: n/a
UJ
Eliyahu,
I got it to work - thanks!

Jeff.

"UJ" <fr**@nowhere.com> wrote in message
news:uo**************@TK2MSFTNGP09.phx.gbl...
Eliyahu,
I spoke to fast. When I tried it I was pointing to a file in a virtual
directory. How to I getfiles.aspx return the file? I tried server.transfer
and that didn't work.

Thanks again.

Jeff.

"UJ" <fr**@nowhere.com> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
Eliyahu,
Thanks anyway. I got it to work!

Jeff.

"UJ" <fr**@nowhere.com> wrote in message
news:ui*************@TK2MSFTNGP09.phx.gbl...
Ok Eliyahu. Aparently I'm an Idiot. How do I download the file in the
GetFiles.aspx page? I tried a server.transfer and it didn't display
correctly (of course I tried it just in the browser not calling it from
another piece of code.)

Any suggestions?

Jeff. (You humble servant....)

"UJ" <fr**@nowhere.com> wrote in message
news:eG**************@TK2MSFTNGP09.phx.gbl...
Great! I'll give it a try.

Thanks again for your help.

Jeff.

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:uv*************@TK2MSFTNGP15.phx.gbl...
> Any control that refers to an url can refer to
> GetFiles.aspx?action=file&name=file1234.swf
> Like <a href="GetFiles.aspx?action=file&name=file1234.swf" ...
> or
> <img src=GetFiles.aspx?action=file&name=file1234.gif...
> The server code should take care of streaming the file with correct
> MIME type.
>
> Eliyahu
>
> "UJ" <fr**@nowhere.com> wrote in message
> news:%2****************@TK2MSFTNGP09.phx.gbl...
>> Eliyahu,
>>
>> Thanks for the info but I'm not sure how the page would return the
>> file. Do you mean have GetFiles.aspx would just load the file? What
>> would I do on the client end - a WebClient request with that as the
>> URL?
>>
>> Jeff.
>>
>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>> news:%2****************@TK2MSFTNGP10.phx.gbl...
>>> Jeff,
>>>
>>> I would recommend keeping the files in a server's local directory,
>>> not on a virtual one, and providing an asp.net page that would serve
>>> download requests. Instead of using http Get command, make calls to
>>> GetFiles.aspx?action=list for the list of files and
>>> GetFiles.aspx?action=file&name=file1234.swf . GetFiles.aspx would
>>> get the files from the local directory and stream them down to the
>>> clients. You don't need any webservice for that.
>>>
>>> Eliyahu
>>>
>>> "UJ" <fr**@nowhere.com> wrote in message
>>> news:OC**************@TK2MSFTNGP12.phx.gbl...
>>>> Eliyahu,
>>>> First thanks for attempting to help me on this. Let me start over
>>>> and explain what I'm trying to accomplish and that may help.
>>>>
>>>> I am working on a system where we display content my company
>>>> creates. The end user has a machine we provide them. Currently we
>>>> generate a list of files that then get downloaded to the machine
>>>> via an HTTP Get command (both the list of files plus the actual
>>>> files to be downloaded). The files are in a virtual directory on
>>>> our server which you can connect to directly through a browser
>>>> interface (the original version of the software, which I didn't
>>>> write, went the net directly every time but if your net connection
>>>> was down nothing would display.) So currently the program(s) get
>>>> the list of files it needs to download, then it goes out through an
>>>> unsecured (although it is SSL) connection to a virtual directory on
>>>> our server.
>>>>
>>>> My problem is, and maybe I'm making too much of this is if you know
>>>> the directory name on the machine, you can pretty quickly figure
>>>> out our naming convention and then just start grabbing the files
>>>> yourself. This of course is not what we want. We want people to pay
>>>> for our service.
>>>>
>>>> So my thought was trying to do something to protect the files on
>>>> the server. I realize I could make them not in a virtual directory
>>>> and write a Web Service that would transfer the files but that
>>>> seems cumbersome. If that's the best way to do it, I'm OK with it.
>>>> The problem could be though that the files we transfer at the
>>>> moment are small (< 1MB) but could in the future get huge (we are
>>>> talking about doing video.) So I'm looking for a solution that can
>>>> handle those files.
>>>>
>>>> Currently I'm using WebClient which doesn't appear to have any
>>>> security on it.
>>>>
>>>> Hope this is clear.
>>>>
>>>> Thanks again for your help.
>>>>
>>>> Jeff.
>>>>
>>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
>>>> news:OA*************@TK2MSFTNGP09.phx.gbl...
>>>>> Sorry for making the same point again and again. Do you have a
>>>>> particular requirement for keeping files in a subdirectory of your
>>>>> site or a virtual directory?
>>>>>
>>>>> Eliyahu
>>>>>
>>>>> "UJ" <fr**@nowhere.com> wrote in message
>>>>> news:eQ**************@TK2MSFTNGP10.phx.gbl...
>>>>>>I guess that's the problem. At the moment if you go to
>>>>>>www.fred.com/files/file1234.swf it will bring up the file. What
>>>>>>I'm looking to do instead is have the program ask the server for a
>>>>>>file somehow - but I'm looking for suggestions on how to do that.
>>>>>>I would assume it would be a web service that the program calls.
>>>>>>But what's the easiest way to transfer the file. Currently I'm
>>>>>>using WebClient.
>>>>>>
>>>>>> TIA - Jeff.
>>>>>>
>>>>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in
>>>>>> message news:%2***************@TK2MSFTNGP09.phx.gbl...
>>>>>>> Why do you say the files are unprotected? If you keep them just
>>>>>>> in a local
>>>>>>> directory, not mapped as a virtual one and not a sub-directory
>>>>>>> of your site,
>>>>>>> no one can get to them from the web.
>>>>>>>
>>>>>>> Eliyahu
>>>>>>>
>>>>>>> "UJ" <fr**@nowhere.com> wrote in message
>>>>>>> news:eq**************@TK2MSFTNGP11.phx.gbl...
>>>>>>>> The files are all on the same server as my ASP.Net application.
>>>>>>>>
>>>>>>>> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in
>>>>>>>> message
>>>>>>>> news:u6*************@TK2MSFTNGP11.phx.gbl...
>>>>>>>> > Does your program on server in asp.net? If it does, are the
>>>>>>>> > files on a
>>>>>>>> > separate server?
>>>>>>>> >
>>>>>>>> > Eliyahu
>>>>>>>> >
>>>>>>>> > "UJ" <fr**@nowhere.com> wrote in message
>>>>>>>> > news:uO*************@TK2MSFTNGP14.phx.gbl...
>>>>>>>> >> Eliyahu,
>>>>>>>> >> I'm not sure I understand you. That is essentilly what we
>>>>>>>> >> already do.
>>>>>>> The
>>>>>>>> >> problem is when the program goes out to our server to get
>>>>>>>> >> the file, the
>>>>>>>> >> files are unprotected on our server. I guess the question
>>>>>>>> >> becomes how
>>>>>>>> >> should I protect the files on the server so the program and
>>>>>>>> >> only the
>>>>>>>> >> program can access them.
>>>>>>>> >>
>>>>>>>> >> Jeff.
>>>>>>>> >>
>>>>>>>> >> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in
>>>>>>>> >> message
>>>>>>>> >> news:%2****************@TK2MSFTNGP09.phx.gbl...
>>>>>>>> >>> Jeff,
>>>>>>>> >>>
>>>>>>>> >>> Another solution is to have the users authenticated in the
>>>>>>>> >>> program and
>>>>>>>> >>> have the files sitting in a local directory that the
>>>>>>>> >>> program will be
>>>>>>> the
>>>>>>>> >>> only way of getting to the files from outside.
>>>>>>>> >>>
>>>>>>>> >>> Eliyahu
>>>>>>>> >>>
>>>>>>>> >>> "UJ" <fr**@nowhere.com> wrote in message
>>>>>>>> >>> news:uj**************@TK2MSFTNGP15.phx.gbl...
>>>>>>>> >>>> Folks,
>>>>>>>> >>>> We provide custom content for our customers. Currently we
>>>>>>>> >>>> put the
>>>>>>> files
>>>>>>>> >>>> on our server and people have a program we provide that
>>>>>>>> >>>> will download
>>>>>>>> >>>> the files. These files are usually SWF, HTML or JPG files.
>>>>>>>> >>>> The
>>>>>>> problem
>>>>>>>> >>>> as I see it - if you know the name of the file, you could
>>>>>>>> >>>> download it
>>>>>>>> >>>> off the server (currently we are using an HTTP/Get but I'm
>>>>>>>> >>>> going to
>>>>>>> be
>>>>>>>> >>>> using WebClient in the new version.)
>>>>>>>> >>>>
>>>>>>>> >>>> If there any way to password protect the file so people
>>>>>>>> >>>> can't just
>>>>>>>> >>>> download them even if they know the file name?
>>>>>>>> >>>>
>>>>>>>> >>>> The solutions I've come up with are:
>>>>>>>> >>>>
>>>>>>>> >>>> 1. Store the file in the database as a blob and read it
>>>>>>>> >>>> (but this
>>>>>>> could
>>>>>>>> >>>> get slow as we will eventually add video which could get
>>>>>>>> >>>> really big -
>>>>>>>> >>>> up to 100MB).
>>>>>>>> >>>>
>>>>>>>> >>>> 2. Write a web service that will transfer the file back
>>>>>>>> >>>> that has a
>>>>>>>> >>>> password on it.
>>>>>>>> >>>>
>>>>>>>> >>>> Any other suggestions?
>>>>>>>> >>>>
>>>>>>>> >>>> TIA - Jeff
>>>>>>>> >>>>
>>>>>>>> >>>>
>>>>>>>> >>>
>>>>>>>> >>>
>>>>>>>> >>
>>>>>>>> >>
>>>>>>>> >
>>>>>>>> >
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>



Dec 21 '05 #19

This discussion thread is closed

Replies have been disabled for this discussion.