I am working on Asp.net MVC application. Application contain a folder which need to be secured from unauthorized access. Customer can copy file with any extension to this folder. Customer doesn't want unauthorized person (person without log in) to download
the file by directly accessing the file in browser's URL.
I cannot use httpHandler as extension of the file is not known to us beforehand. I also tried with keeping separate web.config with<deny users="?"/>in it's authorization section. But it works only for known extension,
for unknown extension it gives following error,
The page you are requesting cannot be served because of the extension configuration.If the page is a script, add a handler.If the file should be downloaded, add a MIME map.
You must add a MIME type or restrict the file types.
That's not a solution I want. There would be different types of extension, which I don't have control upon. Customer doesn't want me to give frequent access to their server. They don't want me to register MIME type for each file extension. They want
one time solution, that can handle all file extension. More aptly, they don't care about file extension, they just want to secure whatever files are there inside the folder.
Member
21 Points
20 Posts
asp.net mvc secure folder containing random file extension
Dec 13, 2018 02:19 PM|jitusurve|LINK
I am working on Asp.net MVC application. Application contain a folder which need to be secured from unauthorized access. Customer can copy file with any extension to this folder. Customer doesn't want unauthorized person (person without log in) to download the file by directly accessing the file in browser's URL.
I cannot use httpHandler as extension of the file is not known to us beforehand. I also tried with keeping separate web.config with
<deny users="?"/>in it's authorization section. But it works only for known extension, for unknown extension it gives following error,Can some one suggest how handle this situation?
Thanks.
Jitu
All-Star
53661 Points
24019 Posts
Re: asp.net mvc secure folder containing random file extension
Dec 13, 2018 03:04 PM|mgebhard|LINK
You must add a MIME type or restrict the file types.
Member
21 Points
20 Posts
Re: asp.net mvc secure folder containing random file extension
Dec 13, 2018 04:52 PM|jitusurve|LINK
That's not a solution I want. There would be different types of extension, which I don't have control upon. Customer doesn't want me to give frequent access to their server. They don't want me to register MIME type for each file extension. They want one time solution, that can handle all file extension. More aptly, they don't care about file extension, they just want to secure whatever files are there inside the folder.
All-Star
53661 Points
24019 Posts
Re: asp.net mvc secure folder containing random file extension
Dec 13, 2018 06:25 PM|mgebhard|LINK
Then store the files outside the web root and manually serialize the files and return a content-type of application/octet-stream.
Member
21 Points
20 Posts
Re: asp.net mvc secure folder containing random file extension
Dec 15, 2018 10:54 AM|jitusurve|LINK
Yeah. Probably that's only option left. Thanks.