Restrict unauthorized access to file download using handler
I am working on a website where the images and other files are handled by a handler named resources.ashx. These files are not stored in any folder but are fetched from database.
The problem is the access to some of the files is restricted, whereas some images and files are open to all.
Lets say the path to one of the restricte开发者_C百科d image is :
../website/resources.ashx/restrictedimage.jpg
If an unauthenticated user types in this url, he will have access to the image straight away. I want to restrict that.
P.S. -> I can't change the handler as I am referencing it from some other project.
May be an HttpModule
can help you out. Handle the AuthenticateRequest
event, parse/compare requested url and users/roles.
You can use authorization rules in your web.config to control access to the files (ie urls) or your choosing based on user/group membership. See: using multiple authorization elements in web.config
精彩评论