Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: IIS6 ASP.NET4.0
I have devloped a website and deploy it on IIS, then i have a create a window based application and trying to download some files from my deployed application. with the help of WebClient.dowonloadFile(http://192.168.1.1/test/default.aspx) and i can donwload that file.
 
So it is clear that my website is not secure, How to restrict files from being download. and if i want to download file then without help of credential it gives me error
 
how to accomplish my task.
 
Thanks in advnace
Posted 9-Jul-12 18:59pm
Comments
Sergey Alexandrovich Kryukov at 10-Jul-12 1:37am
   
Why do you consider downloading as "not secure"? How do you want to restrict downloads? And how come it can be a problem? You fully control how to respond to HTTP request...
--SA
Sergey Alexandrovich Kryukov at 10-Jul-12 1:40am
   
And, if you deploy it "on ISS" and this HTTP server is on some remote host, you cannot access it through Internet if its address is http://192.168.1.1. It could only be a local network address. Did you know that?
--SA

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

You did not explain how would you want to restrict the download, but most likely you would allow some downloads only for authenticated users. To learn about it, read this:
http://msdn.microsoft.com/en-us/library/eeyk640h.aspx[^].
 
Based on authentication, not only you can control the download, you can even restrict rendering the page from which one could download a file. Now, what about downloading itself?
 
With download, the simplest form is as simple as this:
<a href="myFile.zip">Download myFile.zip</a>
This is something you cannot "restrict". So, to provide restrictions, you need to use more complicated approach.
 
You can have some control to post a request for the file, for example, a button on a button click. The server part should generate HTTP response with the file. Note, that you don't even need a file in the file system on the server's host. The file is generated on the fly anyway. The correct "downloading" behavior of the client is directed by appropriate HTTP headers, in this case, this is "content-disposition". This is shown in the code sample of the answer to this question:
http://stackoverflow.com/questions/2009057/download-file-from-server-asp-net[^].
 
Note, that this code sample also demonstrates some rudimentary restriction, by the requested file "extension". (See the string "File extension is not allowed" in the sample code.) Again, as this is your code, you impose the restrictions you want; this sample is enough for you to get the idea.
 
—SA
  Permalink  
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Sergey Alexandrovich Kryukov 9,108
1 OriginalGriff 8,186
2 CPallini 2,613
3 Richard MacCutchan 2,231
4 Abhinav S 1,928


Advertise | Privacy | Mobile
Web01 | 2.8.140827.1 | Last Updated 10 Jul 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100