limit access to certain file types

Re: limit access to certain file types

Kevin,

You should be able to use an implementation of IHttpHandler. For more
information, check here on how to use them:



The only thing you would have to beyond the code is register the
extension as being handled by ASP.NET, and then change your config file to
use the handler.

Then, you can do what you need in the handler.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- mvp@spam.guard. caspershouse.co m

"Kevin Blount" <kevin.blount@g mail.com> wrote in message
news:1149523804 .955047.321070@ c74g2000cwc.goo glegroups.com.. .[color=blue]
> My current site uses a ASP, database driven, ID based system to allow
> people to download files they have the right permissions to, as well as
> to send an email to them with necessary support links and passwords and
> an email to us with 'who did what and when' info.
>
> a typical link from this system might be
>
> http://www.oursite.com/getfile.asp?id=123
>
> My current task is to allows link directly to the file (for a cleaner
> looking link, I suppose) but still drive the emails, etc. My thought
> was to use a combo of ASP.NET dlls and IIS6, which for the most parts
> works. Esentially I just associate the .exe file extension with
> aspnet_isapi.dl l and then use web.config and a .net script (index.aspx)
> to check permissions etc.
>
> index.aspx does a few things:
> 1 - checks for existing cookies to see if they are logged into our site
> 2 - redirects to login page if not
> 3 - when they are logged in, it checks their user ID against the
> database for access to the file
> 4 - if granted, it sends the emails
> 5 - it uses FormsAuthentica tion.RedirectFr omLoginPage to give them the
> file.
>
> the issue is that the next file they want does NOT do steps 1 thru 4
> above, because step 5 sets a cookie, which I have no contorl over, and
> that cookies is available for the whole session, so no checks are made,
> and no emails are sent.
>
>
> What I'm looking for it either an alternative to
> 'FormsAuthentic ation.RedirectF romLoginPage', which doesn't *redirect*
> to the file (as this instigates index.aspx and causes an infinite
> loop), or a total new way to link directly to a filename and perform
> actions before the file is given to the user.
>
> any ideas??
>[/color]

Re: limit access to certain file types

Hi Nicholas,

Thanks for the suggestion. I took a look at the link, did some reading,
and it does sound like it might work for me. As a test I copied the
code from this page:
http://msdn2.microsoft.com/en-us/ms227433.aspx (C# version, natch <g>)

I adapated the instructions to work for .exe extensions, and the result
of that script does appear when I click a link to test.exe within the
application (/catalog/) where I update the web.config.

i.e. it works!!

the next thing for me to do is figure out which parts of that script I
need to edit to check the database, email the link, and finally
actually let someone grab test.exe. Right now it seems to display the
test message *instead* of downloading the file, which obviously defeats
my proposed use of the script.

Any ideas? I would normally battle it solo (and I will be working on it
once I finish typing this), but a deadline approaches, so any help I
can get is invaluable.

Thanks for posting the link.. it could just work, dammit! :)

Kevin


Nicholas Paldino [.NET/C# MVP] wrote:[color=blue]
>Kevin,
>
>You should be able to use an implementation of IHttpHandler. For more
> information, check here on how to use them:
>
> http://msdn2.microsoft.com/en-us/5c67a8bd.aspx
>
>The only thing you would have to beyond the code is register the
>extension as being handled by ASP.NET, and then change your config file to[/color]

Re: limit access to certain file types

Kevin,

Well, here is where you will have to do some work.

First, you will have to set the ContentType header so that the browser
knows how to process what you are returning.

Then, when that is set, you will have to open the file and write the
contents. In this case, you should be able to pass the name of the file to
the WriteFile method on the Response exposed by the HttpContext passed in.

You can then do the email processing and whatnot in the same method
which processes the request.


--
- Nicholas Paldino [.NET/C# MVP]
- mvp@spam.guard. caspershouse.co m

"Kevin Blount" <kevin.blount@g mail.com> wrote in message
news:1149533460 .841104.74500@f 6g2000cwb.googl egroups.com...[color=blue]
> Hi Nicholas,
>
> Thanks for the suggestion. I took a look at the link, did some reading,
> and it does sound like it might work for me. As a test I copied the
> code from this page:
> http://msdn2.microsoft.com/en-us/ms227433.aspx (C# version, natch <g>)
>
> I adapated the instructions to work for .exe extensions, and the result
> of that script does appear when I click a link to test.exe within the
> application (/catalog/) where I update the web.config.
>
> i.e. it works!!
>
> the next thing for me to do is figure out which parts of that script I
> need to edit to check the database, email the link, and finally
> actually let someone grab test.exe. Right now it seems to display the
> test message *instead* of downloading the file, which obviously defeats
> my proposed use of the script.
>
> Any ideas? I would normally battle it solo (and I will be working on it
> once I finish typing this), but a deadline approaches, so any help I
> can get is invaluable.
>
> Thanks for posting the link.. it could just work, dammit! :)
>
> Kevin
>
>
> Nicholas Paldino [.NET/C# MVP] wrote:[color=green]
>>Kevin,
>>
>>You should be able to use an implementation of IHttpHandler. For more
>> information, check here on how to use them:
>>
>> http://msdn2.microsoft.com/en-us/5c67a8bd.aspx
>>
>>The only thing you would have to beyond the code is register the
>>extension as being handled by ASP.NET, and then change your config file to[/color]
>[/color]

Re: limit access to certain file types

Nicholas,

Great! I appreciate the guidance. As a lot of people, when I look at a
script I didn't write it takes me a while to figure out which bit does
what, and THEN I have to make it do what I want it to do heh.

Your quite summary puts me on the write road, especially as I actually
understood it! :)

Thanks again

Kevin

Nicholas Paldino [.NET/C# MVP] wrote:[color=blue]
> Kevin,
>
> Well, here is where you will have to do some work.
>
> First, you will have to set the ContentType header so that the browser
> knows how to process what you are returning.
>
> Then, when that is set, you will have to open the file and write the
> contents. In this case, you should be able to pass the name of the file to
> the WriteFile method on the Response exposed by the HttpContext passed in.
>
> You can then do the email processing and whatnot in the same method
> which processes the request.
>
>
> --
> - Nicholas Paldino [.NET/C# MVP]
> - mvp@spam.guard. caspershouse.co m
>
> "Kevin Blount" <kevin.blount@g mail.com> wrote in message
> news:1149533460 .841104.74500@f 6g2000cwb.googl egroups.com...[color=green]
> > Hi Nicholas,
> >
> > Thanks for the suggestion. I took a look at the link, did some reading,
> > and it does sound like it might work for me. As a test I copied the
> > code from this page:
> > http://msdn2.microsoft.com/en-us/ms227433.aspx (C# version, natch <g>)
> >
> > I adapated the instructions to work for .exe extensions, and the result
> > of that script does appear when I click a link to test.exe within the
> > application (/catalog/) where I update the web.config.
> >
> > i.e. it works!!
> >
> > the next thing for me to do is figure out which parts of that script I
> > need to edit to check the database, email the link, and finally
> > actually let someone grab test.exe. Right now it seems to display the
> > test message *instead* of downloading the file, which obviously defeats
> > my proposed use of the script.
> >
> > Any ideas? I would normally battle it solo (and I will be working on it
> > once I finish typing this), but a deadline approaches, so any help I
> > can get is invaluable.
> >
> > Thanks for posting the link.. it could just work, dammit! :)
> >
> > Kevin
> >
> >
> > Nicholas Paldino [.NET/C# MVP] wrote:[color=darkred]
> >>Kevin,
> >>
> >>You should be able to use an implementation of IHttpHandler. For more
> >> information, check here on how to use them:
> >>
> >> http://msdn2.microsoft.com/en-us/5c67a8bd.aspx
> >>
> >>The only thing you would have to beyond the code is register the
> >>extension as being handled by ASP.NET, and then change your config file to[/color]
> >[/color][/color]