c# - stop unauthorized file download in asp.net -

-

i have login.aspx page custom textbox username , password i.e. no loginview
after supplying correct username , pwd assign sessionid used visit other pages on website.

now download file (1234) redierct user ~/download.aspx?fileid=1234, on page check session id , send user file url i.e. ~/file/1234.pdf.
if 1 dirctly enters file url, unable stop him.
plase guide me on how this...

p.s. : have read authentication rule in web.config file dont know how mark user authenticated ones supplies correct username , password @ login. (i checking username , pwd database , redirecting home page)

your authentication strategy weak. should bounding areas of site (namely files directory in instance) roles , assigning users them.

however, around more immediate problem, disable outside world getting files directory , when hit ~/download.aspx?fileid=1234 serve them file. can find instructions here: how serve pdf file


Comments

Post a Comment

Popular posts from this blog

python - ('The SQL contains 0 parameter markers, but 50 parameters were supplied', 'HY000') or TypeError: 'tuple' object is not callable -

-
import pyodbc,nltk,array cnxn = pyodbc.connect('driver={mysql odbc 5.1 driver};server=127.0.0.1;port=3306;database=information_schema;user=root; password=1234;option=3;') cursor = cnxn.cursor() cursor.execute("use collegedatabase ;") cursor.execute("select * sampledata ; ") cnxn.commit() s=[] j=[] x=[] words = [] w = [] sfq = [] pos=[] entry in cursor: s.append(entry.injury_type),j.append(entry.injury_desc) nltk.tokenize import punktwordtokenizer nltk.corpus import stopwords tokenizer = punktwordtokenizer() english_stops = set(stopwords.words('english')) in range(0,26): # filter stop words tokenizer.tokenize(j[i]) w.append([word word in tokenizer.tokenize(j[i]) if word not in english_stops]) in range(0 , 26):#converting tokenzied text ito string sfq.append(" ".join(w[a])) replacers import regexpreplacer replacer = regexpreplacer() in range (0,26):#pos tagging replacer.repl...
Read more

c# - Getting per connection bandwidth statistics -

-
i need determine per-process network usage statistics similar tcpview can do. example http://img513.imageshack.us/img513/861/6601f15814544055a590e26.png so before shoot me posting duplicate of this question , or this question , point out neither of have thorough answer me this. i've been doing research, , there many ways list out active connections , associated processes, whether netstat or other windows api's iphlpapi.dll . now, google'ing i've done, have not found - except these vague terms: getpertcpconnectionestats , getpertcp6connectionestats . presumably tcp on ipv4 , ipv6 respectively. reading supposedly able need do. however, still leaves out udp. , not available on xp systems, tcpviewer works on. i satisfied using tcp, problem is, can't seem find examples of how use them c#. so guess boils down these few questions: does know how tcpview it? how use getpertcpconnectionestats tcp? or can accomplish i'm suggesting? is there known alte...
Read more

jquery - ajax and php updating mysql -

-
i having problem updating database. basically trying everytime download link clicked download count in database goes up. can point me in right direction have been trying right hours :( here html. <div class="button_border_dark"> <a id="linkcounter" href="http://www.derby-web-design-agency.co.uk/freeby-download/<?php echo $freebies_download ; ?>" target="_blank" title="download">click download file</a></div> here jquery <script> $('#linkcounter').bind('click',function(){ $.post("downloadcount.php",{ linkid: <?php echo $id ; ?>}); }); </script> here downloadcount.php trying post data too, updates content. <?php require_once("applications/constants/connection.php"); require_once("applications/controllers/basic.php"); if(isset($_request["linkid"])){ $linkid = sanitise($_post["linkid"]); $updatedownlo...
Read more