Securing Files over Web: Fine Grained Authorization Based File Access

I have a system where employees can upload files. There are three ways

Upload to my account in public, private or protected mode

Upload to department account in public, private or protected mode

Upload to organization account in public, private or protected mode

where public is visible to anyone, private to the group or person only and protected to anyone in the organization.

All the files for an organization are stored in a directory say, /files/<organizationId>/, on file server like

files

+-- 234809

| +img1.jpg

| +doc1.pdf

+-- 808234

| +doc2.pdf

I am storing file-path and privacy level in DB. So, I can control whether to show link to a file URL to an user -- on a given page.

The problem is, I do not have any control over file's URL... so, if some one types the URL to img1.jpg in his browser's address bar, there is no way to know whether a logged in user is eligible to see img1.jpg.

Any suggestion?

Its a Java application. However, there's a separate instance of Glassfish working as file-server. Since the app is not released yet, so we are open to adopt to a better file access strategy.

The user who are accessing the files may or may not be logged in. But we can always, authenticate a user 开发者_如何学Goby redirecting to login page if we know that the file that is being accessed, is a private or shared.

Thanks

Nishant

You pose an interesting question and your understanding of the problem is correct.

Depending on the version of IIS that is serving the content, you may not even have access control if the content was within your vdir.

A typical solution to this type of scenario is to store the files in a directory that is NOT accessible to the internet and use an HttpHandler that IS protected and stream the files out.

There are several ways to go about this, the simplest being an HttpHandler mapped to a nonexistent directory, say /downloads, and parse the filename out of the RequestUri, set the proper content-type and write the file to Response.

In this case, your HttpHandler IS protected enabling you to determine access.

You could store the files outside of the public folders, and have some sort of route to catch any URL that is requesting a file from an organization. Then you can serve the file programmatically, rather than letting your web server do that without any control.