locked
asp.net mvc secure folder containing random file extension RRS feed

  • Question

  • User1986994285 posted

    I am working on Asp.net MVC application. Application contain a folder which need to be secured from unauthorized access. Customer can copy file with any extension to this folder. Customer doesn't want unauthorized person (person without log in) to download the file by directly accessing the file in browser's URL.

    I cannot use httpHandler as extension of the file is not known to us beforehand. I also tried with keeping separate web.config with <deny users="?"/> in it's authorization section. But it works only for known extension, for unknown extension it gives following error,

    The page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler. If the file should be downloaded, add a MIME map.

    Can some one suggest how handle this situation?

    Thanks.

    Jitu

    Thursday, December 13, 2018 2:19 PM

Answers

  • User475983607 posted

    Then store the files outside the web root and manually serialize the files and return a content-type of application/octet-stream.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, December 13, 2018 6:25 PM

All replies

  • User475983607 posted

    Can some one suggest how handle this situation?

    You must add a MIME type or restrict the file types.

    Thursday, December 13, 2018 3:04 PM
  • User1986994285 posted

    jitusurve

    Can some one suggest how handle this situation?

    You must add a MIME type or restrict the file types.

    That's not a solution I want.  There would be different types of extension, which I don't have control upon.  Customer doesn't want me to give frequent access to their server.  They don't want me to register MIME type for each file extension.  They want one time solution, that can handle all file extension.  More aptly, they don't care about file extension, they just want to secure whatever files are there inside the folder.

    Thursday, December 13, 2018 4:52 PM
  • User475983607 posted

    Then store the files outside the web root and manually serialize the files and return a content-type of application/octet-stream.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, December 13, 2018 6:25 PM
  • User1986994285 posted

    Yeah.  Probably that's only option left.  Thanks.

    Saturday, December 15, 2018 10:54 AM