By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,953 Members | 1,611 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,953 IT Pros & Developers. It's quick & easy.

For certain directories, protecting files from direct access that match a naming pattern OR mediating http access through my app

P: n/a
Short version: I want to know how in ASP.NET I could bar direct http access
to some files in a directory that match a pattern, but not others. An
alternate solution would be to bar all direct http access to files and
require that any access of the files be mediated by my web application. In
other words, direct access via http://domain.com/app/MyCoolPhoto.jpg would
be forbidden.

Long version: I've written a photo cms and display application that has
organized many tens of thousands of files. It has made different versions of
those files, some of which I am willing to offer to the general public and
most of which I'm not:

jid20040632_pid400017_wissnerslivkachair_001_ld50. jpg
// OK to show to the world
jid20040632_pid400017_wissnerslivkachair_001_ld400 watermarked.jpg //
Also OK, it's watermarked
jid20040632_pid400017_wissnerslivkachair_001_fulls ized.jpg
// NOT OK! Keep this files matching "..._fullsized" off limits!
[multiply this by 20 other variations.]

I want to limit access to most of those variations. In some cases I imagine
I will be doing that limiting via ASP.NET 2 roles and in other cases I will
be inspecting ServerVariables that are assigned by the Pubcookie auth
framework.

Can someone suggest a server-side approach that works with ASP.NET and that
can't be easily defeated?

Thanks,
-KF
Jul 31 '07 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.