HighTechTalks DotNet Forums  

Securing URL in File Download in ASP.net

Go Back HighTechTalks DotNet Forums Dotnet ASP.net Security Securing URL in File Download in ASP.net

ASP.net Security microsoft.public.dotnet.framework.aspnet.security


Discuss Securing URL in File Download in ASP.net in the ASP.net Security forum.



Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old   
anoop
 
Posts: n/a

Default Securing URL in File Download in ASP.net - 11-13-2007 , 10:22 PM





Hello,
There is a website in ASP.Net in which there is a File download
option with URL

English/Scripts/download.aspx?file=.... . Here the code substitutes the URL
of the file to download. but If I substitute the URL of the file that is
stored on the web server, then file such as aspx.vb or even web.config can be
downloaded by any user. Now I want to know how to protect this "file"
parameter in ASP.Net, so that only intended files can be downloaded.

Thank you

Reply With Quote
  #2  
Old   
Manish Bafna
 
Posts: n/a

Default RE: Securing URL in File Download in ASP.net - 11-15-2007 , 01:43 AM





Hi,
You need to encrypt and decrypt querystring.Below link shows how to do it:
http://www.codeproject.com/aspnet/Ta...ueryString.asp
--
Hope this helps.
Thanks and Regards.
Manish Bafna.
MCP and MCTS.



"anoop" wrote:

Quote:
Hello,
There is a website in ASP.Net in which there is a File download
option with URL

English/Scripts/download.aspx?file=.... . Here the code substitutes the URL
of the file to download. but If I substitute the URL of the file that is
stored on the web server, then file such as aspx.vb or even web.config can be
downloaded by any user. Now I want to know how to protect this "file"
parameter in ASP.Net, so that only intended files can be downloaded.

Thank you

Reply With Quote
  #3  
Old   
Alexey Smirnov
 
Posts: n/a

Default Re: Securing URL in File Download in ASP.net - 11-17-2007 , 03:00 PM


On Nov 14, 5:22 am, anoop <an... (AT) discussions (DOT) microsoft.com> wrote:
Quote:
Hello,
There is a website in ASP.Net in which there is a File download
option with URL

English/Scripts/download.aspx?file=.... . Here the code substitutes the URL
of the file to download. but If I substitute the URL of the file that is
stored on the web server, then file such as aspx.vb or even web.config can be
downloaded by any user. Now I want to know how to protect this "file"
parameter in ASP.Net, so that only intended files can be downloaded.

Thank you
Put files for download to a special folder (e.g. /download) and check
if requested file is located in that folder (avoid requests to other
folders)


Reply With Quote
Reply

« Previous Thread | Next Thread »



Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.


Contact Us - HighTechTalks DotNet Forums - Archive - Top