Passing through an ASPX file to get a file on a server ? (Webforms)

I have a page where i can actually upload files to 3 folders. I already protected those folders relative to roles of users in web.config. But this is not enough, i need some more validation process, i have to expose the files only to roles which is part of a group. There is 3 groups of persons and they share the same roles. So i have to acces开发者_StackOverflow社区s those files from an aspx where i can define this validation. Poeple MUST pass to this file in order to download files from the server. They can't access the file directly in their browser since i need to figure out which group the user come from and serve the exact files for this group.

Any ideas how i can do this ?

Edit : Groups are not refered to window authentification groups. Groups are a concept in my application.

Thanks.

First, since you're speaking of groups, I assume you're using Windows authentication. If that's indeed the case, then Request.IsAuthenticated will tell you whether the current request comes from an authenticated user, and if it does, Context.User will be a valid WindowsPrincipal whose Identity property will give you the name of the user and the groups he belongs to.

Then, you can perform your checks and use Response.TransmitFile() to send the file to the client (without buffering):

Response.Clear();
Response.ContentType = "application/octet-stream";
Response.HeaderEncoding = Response.ContentEncoding;

Response.AppendHeader("content-disposition",
    String.Format(CultureInfo.InvariantCulture,
    "attachment; filename=\"{0}\"", yourFileName));
Response.AppendHeader("content-length",
    yourFileSize.ToString(CultureInfo.InvariantCulture));

Response.TransmitFile(yourFilePath);
Response.End();

That said, note that an HTTP handler is usually preferred to an ASP.NET page to perform that kind of work.

I wouldn't bother with a whole aspx page to serve just the files. Use a generic http handler instead. Your users can access a url like

MyFileHandler.ashx?fileName=File1

Then in your ProcessRequest method you can do your role validation and serve the appropriate file via HttpResponse.TransmitFile

There may be a better way to go about this. Using HTTP handlers would probably work better for what you are trying to accomplish.

Check out: http://www.15seconds.com/issue/020417.htm

This gives you more explicit control over exactly what you do when files are accessed via any method. Once your handler is ready you can edit your HTTP handler mappings in IIS and choose your HTTP handler to allow/disallow file access.

Your handler could examine the folder of the requested URL and figure out if the user is allowed to see this file or not. Once you figure it out it works really great.