473,509 Members | 3,075 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

uploading / downloading protected files in ASP.NET

I have a web application where the admin wants to be able to upload
arbitrary files on an admin page... and then have them accessible for
certain users. Easy enough eh?

The difficulty I'm having is serving up these files in a secure AND
browser-friendly way. I'm using Form authentication. I can't just
drop them in a website directory and show links to the files, because
then anyone could get at a file whose extension is not explicitly
protected by ASP.NET.

So... the option I came up with was to write a proxy page which just
uses Response.WriteFile() after some security checks. Well, that
works fine, but then the URL ends up being something like:

http://mysite.com/getfile?filename=file.doc

...and then of course the browser just dumps the raw bytes of the file,
it doesn't know that this is a .doc file its receiving like if the URL
had been http://mysidte.com/files/file.doc.

Any way to fix this? Do I send down a MIME-type header? If so, where
do I get that? Because the admin could upload any sort of document...
all I have is the file name, more or less. Is there any way to tell
IIS to handle ALL file types for a particular directory? That way
Forms authentication could protect everything?
Any suggestsions greatly appreciated.

Jun 21 '07 #1
3 1389
Hi,

br******@hotmail.com wrote:
I have a web application where the admin wants to be able to upload
arbitrary files on an admin page... and then have them accessible for
certain users. Easy enough eh?

The difficulty I'm having is serving up these files in a secure AND
browser-friendly way. I'm using Form authentication. I can't just
drop them in a website directory and show links to the files, because
then anyone could get at a file whose extension is not explicitly
protected by ASP.NET.

So... the option I came up with was to write a proxy page which just
uses Response.WriteFile() after some security checks. Well, that
works fine, but then the URL ends up being something like:

http://mysite.com/getfile?filename=file.doc
That sounds like a good idea.
..and then of course the browser just dumps the raw bytes of the file,
it doesn't know that this is a .doc file its receiving like if the URL
had been http://mysidte.com/files/file.doc.
Actually, even when the browser receives a file.doc file, it doesn't
know what file it is. You are right that you must send a MIME type. The
MIME type is sent by IIS when you link to a DOC file directly. According
to the MIME type, the browser will decide what action he will use,
according to the user settings.

MIME type is set in the Response.ContentType property.
http://msdn2.microsoft.com/en-us/library/ms525208.aspx
Any way to fix this? Do I send down a MIME-type header? If so, where
do I get that? Because the admin could upload any sort of document...
all I have is the file name, more or less. Is there any way to tell
IIS to handle ALL file types for a particular directory? That way
Forms authentication could protect everything?
The MIME type cannot, as far as I know, be generated automatically. You
will need to create a table extension --MIME type. Of course, it would
be a good idea to make this table a XML file (config file, or simply
external XML file) so that you or your user can dynamically add new
extensions/MIME type mapping information.

Any suggestsions greatly appreciated.
HTH,
Laurent
--
Laurent Bugnion [MVP ASP.NET]
Software engineering, Blog: http://www.galasoft.ch
PhotoAlbum: http://www.galasoft.ch/pictures
Support children in Calcutta: http://www.calcutta-espoir.ch
Jun 21 '07 #2
Well, ya learn something new every day... Not sure how I went this
long without realizing this. I also see that the HttpPostedFile
object has a ContentType property. So I can alternatively just save
that and push the same string back down when the file is downloaded.

Thanks for the help.

Jun 21 '07 #3
Lit
I save my file info to a database table along with the ContentType...
including the content.
that could eliminate or work the security concerns you have also.

Just an idea....


<br******@hotmail.comwrote in message
news:11*********************@g37g2000prf.googlegro ups.com...
Well, ya learn something new every day... Not sure how I went this
long without realizing this. I also see that the HttpPostedFile
object has a ContentType property. So I can alternatively just save
that and push the same string back down when the file is downloaded.

Thanks for the help.

Jun 21 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
1824
uploading using https
by: Asha | last post by:
greetings, i need to upload an .xls file using a secure connection. so i though of using https... can i know how this can be done?
ASP.NET
2
1255
FTP 3rd party software for simple uploading/downloading?
by: D. Shane Fowlkes | last post by:
I'm about to build in some functionality where my client's staff can do some kind of basic upload to a folder or series of folders on our web server and allow authenticated users to know the UID...
ASP.NET
1
1156
Uploading/Downloading files with protected extensions
by: Garett Rogers | last post by:
I am creating a document manager for our intranet in VB.NET and I have stumbled across a problem that I cant seem to find a solution for. Everything is working as planned: 1) upload a file from...
ASP.NET
0
1504
weird....different size between uploading and downloading???
by: TJ | last post by:
Hi, I've written code web-based uploading and downloading. Here is some code for it. For saving file into MS-SQL database, SaveFileIntoDB(HttpPostedFile file) { int fileLength =...
ASP.NET
4
2141
problem in uploading and downloading files from DB in ASP.Net
by: Himanshu | last post by:
hi, Can anybody tell me that thru asp.net using c#, how can we upload and download physical files in any table of SQL Server Database. the uploading part is running successfully but the...
ASP.NET
3
1626
uploading files to file system/zipping/downloading problems
by: OriginalBrownster | last post by:
I am currently uploading a file from a users computer to the file system on my server using python, just reading the file and writing the binaries. total_data=' ' while True: data =...
Python
0
1208
Uploading Files via an HTTP protocol
by: mivey4 | last post by:
I have been experimenting with sending and receiving files using the webClient class provided in .NET. (C#) I don't seem to have any problems downloading files from my test web server using the...
.NET Framework
221
366982
Atli
Uploading files into a MySQL database using PHP
by: Atli | last post by:
You may be wondering why you would want to put your files “into” the database, rather than just onto the file-system. Well, most of the time, you wouldn’t. In situations where your PHP application...
PHP
3
5159
code for uploading 1gb files using php
by: muziburrehaman | last post by:
i am looking for code in php to upload the 1 gb files. any one can please help me by sending the code....
PHP
0
7344
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
1
7069
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
7505
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
4730
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
3216
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
3203
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
1570
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
1
775
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
0
441
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us