Deny Access to MP3 folder

[asadikhan]

Hi,

I have an Audio folder under WWW on my website. My site is hosted with
an online company. Inside the Audio folder I have bunch of mp3s. I
want to embed these mp3s using flash, but I do not want to allow users
to simply browse to the mp3 file and be able to download it. Here is
my web.config file:

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/
v2.0">
<appSettings/>
<location path="Audio">
<system.web>
<compilation debug="true"/>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Audio/mysong.mp3">
<system.web>
<compilation debug="true"/>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>

After doing this if I browse to www.mysite.com/Audio it tell me that
the directory listing is not permitted. However, I can still browse to
the song file and create external links to it and download it. Any
ideas?

 

[Mark Fitzpatrick]

The web.config settings won't work in this case. The web.config only affects
files that are handled by files that can be processed by ASP.Net. An mp3
file is not handed off to the ASP.Net handler for processing so there's no
way for it to be denied access. You would have to map the mp3 file extension
with ASP.Net's processing dll which, unless you're on a dedicated server,
your host isn't likely to allow. And if you did map it, you would
effectively deny access to the file no matter what since you're telling it
to deny access to all users, including the ASP.Net application or any link
that goes directly to it. The virtual directory listing is a function of IIS
so ASP.Net actually isn't blocking anything here, just a typical IIS
setting.

The best way to avoid users simply downloading a file is to have it streamed
through a streaming audio server. You can do other methods, such as having a
page that you can pass an id to and have it pull the file from somewhere
that's hidden in the file system (ideally outside of the directory that the
web site is mapped to), but users would still have access to the link and be
able to download it anyways.

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - Expression

 

[Guest]

The easiest way to handle this is to have the mp3 folder outside of the IIS
application (not in the web). As long as your streamer is capable of loading
these from a physical path, e.g. c:\mp3s\songName.mp3 then it should work.
-- Peter
site: http://www.eggheadcafe.com
unBlog: http://petesbloggerama.blogspot.com
BlogMetaFinder: http://www.blogmetafinder.com