our team just work on a project which works on an Automation system. we use ASP.NET technology.here is my Question:
We have some users that could access to some Official letter on a Directory.for example here is a link: 192.168.1.1/home/Documents/1/Example.DOC
each user have it's own user and password and they are on local office network. if a user could use the link above so he can copy and paste it on browser and access to files. we need some solution that denied users to access file directly in our server.so our application should get the file from directory and return it as new link to user.so if the user copy/paste it again he can not get the file because the virtual link has absolute. what solution do you recommend? Thanks all.
User handler (.ashx) to return a file. The handler can check if user has permission for file. If the file should be downloaded only once lazy method (without some file ticket system) is to limit download availability to just few minutes - i.e. make a redirect to .ashx from your page and add symmetrically encrypted timestamp
Response.Redirect(#"/GetFile.ashx?Timestamp=[Symmetrically Encrypted Current Date and Time]&FileName=Example.doc");
And in handler check if timestamp is valid (not older than few minutes) and serve the file.
Related
I've had a login I have used so far to login while I was opening c# solution.
For some time, suddenly VS hadn't asked me for my user credentials and later I discovered
that I am under: "Admin" account when checking in the files ...
I have no idea How I could change the user name for my previous one ...
Can anyone give ma a hint How I could do it?
Thanks
check in all files that you check outed using Admin account. Then go to File/Source Control / Change Source Conrol and Unbind the project.
After unbinding, bind project. While binding VS askes you VSS user name.
I am currently using a WSS 3.0 Web Part (C#) for creating a cookie.
I have a link button in my Sharepoint site which has an event that calls an encryption method and then stores the encrypted value in the Cookie. After creating the cookie, I am redirecting the user to a new URL which opens in a new window.
The cookie creation is successful. I was able to store my desired value and the domain that it gets is the one of where the link button is located.
What I want to do is to open the cookie in the newly opened window but when I try to use HttpContext.Current.Request.Cookies["cookieName"] I always get a null.
Can anyone help me with this issue ? I've been working on this for a couple of days now. I believe that there is an issue here regarding domains but I can't figure out the right solution.
I would start troubleshooting this by using browser developer tools (e.g. F12 in IE) to ensure that the cookies are actually being saved on the client - yes? Then :-
Is the new window opening with a URL that has a domain the same as the orig URL?
e.g.
#1 http://site.yourdomain.com/page1
#2 http://site.yourdomain.com/page2
If not then site1 can't read site2's cookies.
You also need to do some extra stuff to share across sub-domains.
MSDN - ASP.NET Cookies Overview
I need to implement a operation in which the user requests a file which takes sometime to be generated ( 2 - 4 minutes). After that, the user needs to download the file, preferentially through ASP.NET ( to make use of the browser download facility). Only the specified user can download this file.
Here is how i tried to do it:
First, I built a duplex wcf service. The user calls it with the data it needs and then it starts the file generation, notifying the progress through the callback channel. In the end, the service is supposed to send to the user a url, token which he will use to download the file. This part works fine.
I saved the file to a temp folder in the asp_data folder, to prevent it from being accessed directly. Then I created a aspx page to receive the token ( whatever it is), validate it against the current user, the defined expiration, and replace the response with the file.
Then the things got messy. I do not know the right way to generate the token through WCF, return it to the client and use it the access the download page. I tried two different approaches, but I think I'm giving up on both:
Generate a guid for the file, encrypt it inside a FormsAuthenticationTicket (with the user information and expiration) and send it to the client. The client then uses the ticket encrypted string as the token to the download page, which validates the user in the ticket against the current one , check the expiration, extracts the guid and sends the file back. The problem is that the generated encrypted string gets really big, unusable in a url.
Generate a guid for the file, save it in ticket ( with validation data and the path to the file) in the httpcontext session. the wcf service then passes the guid to the client, who uses it to access the download page. The download page checks the session, retrieves the ticket, serves the file. The problem is I'm having some trouble acessing the session in the WCF operation. The user requests the file, the server starts a thread to generate the file and make the callback calls, so the first server call returns (nothing). When I've finish generating the file with success, the callback thread tries to access the session, save the ticket and return the guid to the user in a 'FinishOperationXXX' callback. I cant access the session, though, because it seems to be no longer available to the callback thread.
I don't want to use a database to do this, and I'm trying to avoid downloading the file throught the WCF itself, but I need to get this working. I guess I'll manage to do it somehow, but I wonder:
Am I doing this the hard way?
Do anyone have a clue about implementing something alike?
Why do you need encryption and a FormsAuthenticationTicket?
Wouldn't it work well enough to just name the file with the type of file, user's userid and a timestamp (filetype_userid_timestamp.ext) and only allow users to download files that contain their userid in the middle field?
(type of file being different for each page doing this in case you had more than one...)
Authentication for the user should already be handled by the session right?
i put data in, but no mdf file is created. No database is created.. Why is that?
An extract from the book that i have read now:
At this point, the CreateUserWizard control uses the ASP.NET Membership class behind the scenes to create a new user. The default membership provider creates the aspnetdb.mdf file (if it doesn’t exist already) and then adds the new user record. Once this process is complete, the CreateUserWizard control shows a message informing you that the user was created. Miraculously, all of this takes place automatically even though you haven’t configured anything in the web.config file and you didn’t create the database file in advance.
Things to check:
1: Refresh your solution. The file might be hidden under App_Data folder. Check in the file system i.e. your physical folder.
2: Check your web.config to make sure if there are any specific configuration related to membership provider or connectionstring.
3: Handle CreateUserError event to see if it gives any more info.
4: Check your Event Log to see if there are any errors.
5: Launch ASP.NET Website Configuration tool and see if the user you created exists there.
Or we need more info like web.config settings and your CUW code(if customized).
I am planning to sell digital goods on my website (Asp.net). After successful payment the customer will be redirected to the download page of my website, which will display the link to download the digital content stored in my server.
I want to secure the location of the file, by creating a disposable link to the file. Every time a customer visits this page a new download link will be generated for the same file. Also this link should expire after it is downloaded for the first time.
Is it possible to do it in asp.net ( C# preferably )? if yes how can i do it?
If you want to the Link itself and not the query string to expire you will need to us MVC or at the very least URL routing in .NET. Then you will need to do the following:
Create a table with the expiring URL (generate with using time or GUID generator), createdate & time, and how long before it expires.
When a user clicks the link it will check in the RouteHandler for a row existing in the table. If the row exists and the createdate & time + expiration time is still greater than current time then show them the page. Otherwise redirect them to whatever page you want.
Yes it is possible. One way would be to use handler (.ashx) files.