I manage a software download site, and we've been trying to find a good way to present the downloads to students. Due to licensing restrictions, there are a large number of downloads that should only be accessable to certain students or staff, and many of the files are dvd iso's or other large files. We started out by pushing all the downloads through code, but we found that files over 500 megs would just time out and die half way through. (I think part of this problem is related to using afs for a storage system instead of cifs, but I won't go into that...)
What I was looking at doing was giving users a temporary url to the file that is only good for x number of minutes. I've seen this used on other sites before, but I wasn't sure what was involved with setting it up.
So first off, is this a workable solution for my scenario? Or will we still run into problems? And what is the best method for going about doing this? Thanks!
Something you could do is randomly generate a string in a database that corresponds to a file and do some sort of stealthed redirect to the actual file. This parameter would be passed as part of the query string and would allow you to invalidate urls however you like by performing any kind of checking before sending the file.
Well, as you haven't mentioned about the IIS version, you may take a look at
http://learn.iis.net/page.aspx/389/configuring-ftp-with-net-membership-authentication/
This article explains how to configure FTP server for ASP.NET Membership authentication. If you set this up, you can restrict the files based on roles.
Also, I doubt how you would implement a anonymous url solution without pushing the downloads through code.
Related
I am creating a system which error checks ARM-scripts and stores the results in a json file (for efficient parsing for future projects). My problem lies in the sheer size of the json file and need to know if anyone has any cleaver solution to present the json file.
The code runs through azure functions on an http trigger, at first i presented the result in the response message, but when the file got bigger, the site crashed all the time.
One method which i am working on now is to create an html file which contains the data and only shows i.e. 1000 lines every time the user clicks a button. Would this be a waste of time, considering the users ability to search, copy etc? Is there a better solution which could be implemented in c#?
Can the solution be done in a C# class
Could it be done straight in the http trigger class?
Thank you in advance!
1000 lines every time the user clicks a button. Would this be a waste of time
Yes. ANYTHING that involves a human is garbage when you talk of config files of 1gb - particualarly if this does not involve any sort of search function and involves human eyeball scanning. It will NOT work, unless you talk of something like a header (i.e. top of the file). Period. That is a solution that works - for some sort of human cyborg that does not exist.
Is there a better solution which could be implemented in c#?
I dare saying there is no good solution. Some sort of editor showing the json alternatively as tree with a LOT of search functions AND some sort of path functoin would POSSIBLY be better but also a LOT of work. The problem is that a 1gb json file is not something you can have any overview in, period. Humans being what they are.
I am searching for a function that allows me to put a dialog-window(w/ a password query) before the folder is accessed. Is there such a function? Also, this would be great if this protection is there before any program, even Windows Explorer/cmd.exe are allowed to access those files. Is that possible to make?
I'm not using something like IOContainer, passwd. protected ZIPs or any other things that are too slow, because I guess 20GB in one file are a bit overkill and it would take ages to decrypt that file. Is there maybe a VFS solution for C# which supports password protection and can be used as a normal filesystem or folder on the disk?
Thanks!
There exist two options. The simpler one is to have a virtual file system mapped from the file. Our product, SolFS (OS edition), does exactly what you are asking in the second part of your question - it provides a container with optional encryption, which is exposed as a virtual drive so that access to the contents is transparent. Decryption in such systems is done in pages, so 20GB-large file won't be decrypted in whole as you worry.
Another option is to employ a filesystem filter driver, which will intercept requests for directory opening, and will ask the user for a password. This approach is possible (we even have a product for this, called CallbackFilter), but there are two drawbacks in it: first, it's not impossible to remove the driver, leaving the data unprotected. And the second problem is that if you ask the user for a password in a callback, while the OS is waiting for access to the directory, you can end up in a deadlock or a timeout while the user is thinking.
With these two limitations in mind something like SolFS is the preferred and recommended approach.
PS: and we have free non-commercial licenses as well.
I'm writing a file system using Dokan. What I want to achieve is allowing users to access files that are on multiple sources as if they are all on a local folder. i.e. a file can be available locally, on a remote location or in memory.
Initially I was creating placeholders that describe where the actually file is available (like the win8.1 OneDrive). When the user access a file, I read the placeholders first. Knowing the real location of that file, I read the real one and send the data back to the user application.
After about an hour of coding I found this idea seriously wrong. If the real location of the files are on the Internet, this will work. But if the file is available locally, I actually need request my hard drive to find two files(placeholder and the real file). Also, if the file is available in memory (users do this to improve performance), I still need to access the hard drive, making it pointless to cache the file into RAM.
So... I guess I have to write my own file table, like the NTFS MFT. Well, the concept of a file table is straightforward. But I'm not sure if I can write one that's as efficient as NTFS. Then I started considering a Database. But I'm also not sure if this is a good idea...
What should I do?
Thanks!
PS. I only have very basic knowledge of File Systems.
Thank you for looking into this! My boss asked me about the following: We are in a library and we have online access to journals. When someone requests access to a journal, we log them on. If this has to be done for a whole class of students, it takes quite some time.
Let's assume we have a Csharp application. The application is in the C:/Program Files/ folder together with some kind of configuration file that contains the credentials and URLs and so forth. Since the files are in the C:/Program Files/ directory, a regular user will not have access to copy/manipulate any of the files. Using the CSharp SecureString class, the credentials would be safe. However, as soon as the application opens the browser and uses HttpWebRequest to send a POST request to log us in, the data would not be safe anymore.
Is this correct? A regular user can start an executable and could gain access to the POST data in the browser or can maybe impersonate the browser to get the POST request data.
If this is the case, I have two questions. The second one may be a question about opinions but the first one shouldn't be.
Is there any way to do what my boss wants me to do safely without ever giving anyone access to the credentials?
Is this a bad idea and should not be done at all?
I am also happy about "You should not do this, because..." answers, because this would also solve the problem for me if I can convince her of this.
Thank you!
Edit:
Sorry for the lack of information: Different accounts are used. Most of the time, it would be the student's own domain account. We also have a generic domain account we sometimes use in the library for classes to have the computers already logged in when the class arrives to speed things up. So this is a well known account. Of course entering the credentials in front of the patron as we do now is in no shape, way or form secure either.
It is a provably unsolvable problem. Since the user's machine, in your setup, needs to know the sensitive information, there is no way for you to prevent that machine's user from also knowing that sensitive information. The only way to prevent the user from accessing it is to ensure that the sensitive data is never on the client's machine.
Pretty much any "good" solution is going to require some sort of cooperation with the site in question, which you presumably won't have. Good solutions would involve having a server only you control (with the "real" credentials) log in, and then provide some sort of temporary token or session ID to the user to use for a period of time, and that would expire after a short while.
Another option is to never have the user directly access the site, but rather always access a server you control which will redirect all traffic (that you consider valid) over to the other system. While this is an option that would be possible without any cooperation from the 3rd party, it likely wouldn't be terribly trivial to implement.
We're going to be moving lots of computers round in the fairly near future, and I thought I'd get all prepared by migrating all my application connection strings into one central location, so that I can update them in one fell swoop when the time comes.
I thought: "I know, I'll store them in the Active Directory"
Unfortunately, my knowledge of Active Directory is so slim as to be almost negligible. I can read groups and detect which users are in those groups, and basic things like that, but I would not know how to go about structuring Active Directory to hold this information.
I thought it might be good to have a "ConnectionRespository" place, with lots of named "Connection" objects in it, but I have no ideas how to go about setting up such a thing. Ideally, I'd like an application (in C#) to manage it, adding and removing Connection objects as necessary.
Any ideas greatly appreciated.
serviceconnectionpoint objects are designed for this kind of thing. They are generic data objects that dont mean anything to Windows. No schema change needed
However its not clear to me that you need to put this stuff in AD. Connection string info logically belongs to the app servers; AD is for stuff that everybody needs
The specific functionality you are looking for is an "Active Directory Application Partition". There's a great blog with a book's worth of information and code samples as well.
I would discuss this with your Systems Architecture/Operations group before proceeding. You are going to have to modify your AD schema, and I know that process can take a long time at many organizations.
Extending Active Directory means you quickly hit lots problems, as even rebooting your AD server will need the approval of lots of people in most companies.
I would just put all your sheared config data in a XML file that you download from a web server.
Or put the config info in the registry of every machine on your network with an Active Directory Group policy.