asp.net MVC app and protecting a folder

Discussion in 'ASP.NET / ASP.NET Core' started by aircom, Jan 21, 2010.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. Hi,

    First post here. I'm just trying to install my MVC app under the root. My problem is that I have to protect some files in a folder. The MVC app will ensure that a user has the right to download a file. This is done through a route (..../download/{fileid}). The action method checks in a database that the user has the rights and returns the file; if not, it redirects. This behavior is working well, but I also need to ensure that the file is not accessible through another URL.

    At my previous Linux host, I had the possibility to put files outside the web root folder. Here I can't. So I'm obliged to create a folder under the web root. Protecting it just against anonymous users, while feasible, is not enough since a logged-in user could still access all the files although his rights should give him access to only a set of files.

    The only thing I have found right now is to name the folder like the URL segment of my route (here "download"). This obliges routing to take precedence and so a visitor can't type ..../download/a.zip.
    But is it secure enough?

    What alternatives?

    Thank you
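
The download route and per-user check described in the post above, as an added example that is not part of the original post. `IFileStore`, `StoredFile`, the `Home`/`Index` redirect target and the `~/download/` path are assumptions for illustration, and the controller assumes a controller factory that supplies `IFileStore`.

```csharp
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical data-access interface; the post does not show its database code.
public interface IFileStore
{
    // Returns null when the id is unknown or the user has no right to the file.
    StoredFile FindForUser(int fileId, string userName);
}

public class StoredFile
{
    public string DiskName { get; set; }     // server-generated name on disk
    public string DownloadName { get; set; } // name offered to the browser
}

[Authorize] // anonymous requests never reach the action
public class DownloadController : Controller
{
    private readonly IFileStore _store;
    // Assumed folder; the post only says it sits under the web root.
    private const string ProtectedFolder = "~/download/";

    public DownloadController(IFileStore store) { _store = store; }

    public ActionResult Get(int? fileid)
    {
        // A non-numeric segment such as "a.zip" binds to null and is refused.
        StoredFile file = fileid.HasValue
            ? _store.FindForUser(fileid.Value, User.Identity.Name) : null;
        if (file == null)
            return RedirectToAction("Index", "Home"); // no rights: redirect

        // The path comes from the database record, never from the URL.
        string path = Server.MapPath(ProtectedFolder + file.DiskName);
        return File(path, "application/octet-stream", file.DownloadName);
    }
}

public static class RouteConfig
{
    public static void RegisterRoutes(RouteCollection routes)
    {
        // With the default (false), a URL that maps to an existing file on disk
        // is not handled by routing. True applies to every static file.
        routes.RouteExistingFiles = true;
        routes.MapRoute("Download", "download/{fileid}",
            new { controller = "Download", action = "Get" });
    }
}
```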
     
  2. Bruce

    Bruce DiscountASP.NET Staff
