Securing URL in File Download in ASP.net

A

anoop

Hello,
There is a website in ASP.Net in which there is a File download
option with URL

English/Scripts/download.aspx?file=.... . Here the code substitutes the URL
of the file to download. but If I substitute the URL of the file that is
stored on the web server, then file such as aspx.vb or even web.config can be
downloaded by any user. Now I want to know how to protect this "file"
parameter in ASP.Net, so that only intended files can be downloaded.

Thank you
 
G

Guest

Hello,
There is a website in ASP.Net in which there is a File download
option with URL

English/Scripts/download.aspx?file=.... . Here the code substitutes the URL
of the file to download. but If I substitute the URL of the file that is
stored on the web server, then file such as aspx.vb or even web.config can be
downloaded by any user. Now I want to know how to protect this "file"
parameter in ASP.Net, so that only intended files can be downloaded.

Thank you
Click to expand...

Put files for download to a special folder (e.g. /download) and check
if requested file is located in that folder (avoid requests to other
folders)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Creating a direct download div link for pdf file 3
Changing .html in URL 3
Getting Error reading in JSON file 0
implementing download using a url call 2
Securing files 2
Securing files for download. 4
Securing web.config appSettings - *** warning - long post *** 0
Securing a directory and its files with forms authentication 1

Members online

Total: 64 (members: 3, guests: 61)
Robots: 379

Forum statistics

Threads
473,995
Messages
2,570,225
Members
46,815
Latest member
treekmostly22

Latest Threads

Top