Question

I have a subfolder on my webpage with pdf-files.
They should only be accessed if the user is logged in; the login information is accessed via Microsoft CRM and a variable is stored in cache.
Code is written in vb.net, webserver is IIS7.

How can I prevent access to this folder for not logged-in users? I have been searching for a solution but haven't found one that works with the CRM-login.

I have also been looking into URL rewriting, so that the user can't see the direct path to the file (www.abc.com/download/test.pdf) but instead will only see a non-descriptive URL (www.abc.com/pdf). But I haven't gotten that to work either.

So I'm open to pretty much any suggestions, but I can't replicate the whole user base and don't want to set up a SQL database just for this purpose.


Nicholas's answer works with these additions:

    ' Requires "Imports System.IO" at the top of the code-behind file.
    ' FileAccess.Read: the default for FileMode.Open also requests write access.
    Using fs As New FileStream("C:\www\pdf\abc.pdf", FileMode.Open, FileAccess.Read)
        Dim docSize As Long = fs.Length
        ' VB array bounds are inclusive, so the upper bound is docSize - 1.
        Dim docStream(CInt(docSize) - 1) As Byte
        fs.Read(docStream, 0, CInt(docSize))
        Response.ClearContent()
        Response.ContentType = "application/pdf"
        Response.AddHeader("Content-Disposition", "inline; filename=/_data/checkliste-4-2013-2.pdf")
        Response.AddHeader("Content-Length", docSize.ToString())
        Response.BinaryWrite(docStream)
        Response.End()
    End Using


Solution

In web applications I have worked on, we stream the PDF files to the browser. This way no one has direct access to the file's URL and since it is an ASPX page, we can apply whatever security we want (i.e. user must be logged in).

Here is sample code similar to what I used:

    Dim strFilePath As String = "C:\www\pdf\abc.pdf"
    ' Open read-only; the default for FileMode.Open also requests write access.
    Using fs As New System.IO.FileStream(strFilePath, System.IO.FileMode.Open, System.IO.FileAccess.Read)
        ' VB array bounds are inclusive, so the upper bound is Length - 1.
        Dim docStream(CInt(fs.Length) - 1) As Byte
        fs.Read(docStream, 0, CInt(fs.Length))

        Response.ClearContent()
        Response.ContentType = "application/pdf"
        Response.AddHeader("Content-Disposition", "inline; filename=" & System.IO.Path.GetFileName(strFilePath))
        Response.AddHeader("Content-Length", fs.Length.ToString())
        Response.BinaryWrite(docStream)
        Response.End()
    End Using
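
An added example (not part of the original answer): the same streaming approach as a generic handler that rejects requests without a login and maps an opaque id to a file kept outside the web root, so the URL reveals no path. The handler name, the `CrmUser` session key, the `C:\private\pdf` folder and the `checklist` id are assumptions.

```vbnet
' Added example: PdfHandler.ashx.vb. Names, paths and the login check are assumptions.
Imports System.Collections.Generic
Imports System.IO
Imports System.Web
Imports System.Web.SessionState

Public Class PdfHandler
    Implements IHttpHandler, IRequiresSessionState

    ' Assumption: PDFs live outside the web root, so IIS never serves them directly.
    Private Const PdfRoot As String = "C:\private\pdf"

    ' Opaque ids from the URL map to fixed file names; user input never reaches a file path.
    Private Shared ReadOnly Documents As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase) From {
        {"checklist", "abc.pdf"}
    }

    ' Hypothetical check: replace with the lookup of the variable set after the CRM login.
    Private Shared Function IsLoggedIn(context As HttpContext) As Boolean
        Return context.Session IsNot Nothing AndAlso context.Session("CrmUser") IsNot Nothing
    End Function

    Public Sub ProcessRequest(context As HttpContext) Implements IHttpHandler.ProcessRequest
        If Not IsLoggedIn(context) Then
            context.Response.StatusCode = 403
            Return
        End If

        Dim id As String = context.Request.QueryString("id")
        Dim fileName As String = Nothing
        If id Is Nothing OrElse Not Documents.TryGetValue(id, fileName) Then
            context.Response.StatusCode = 404
            Return
        End If

        ' TransmitFile streams from disk without buffering the whole file in memory.
        Dim fullPath As String = Path.Combine(PdfRoot, fileName)
        context.Response.ContentType = "application/pdf"
        context.Response.AddHeader("Content-Disposition", "inline; filename=" & fileName)
        context.Response.Cache.SetCacheability(HttpCacheability.Private)
        context.Response.TransmitFile(fullPath)
    End Sub

    Public ReadOnly Property IsReusable As Boolean Implements IHttpHandler.IsReusable
        Get
            Return True
        End Get
    End Property
End Class
```

A request such as `PdfHandler.ashx?id=checklist` returns the PDF only when the session check passes; unknown ids get a 404 and never reach the file system.
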
Licensed under: CC-BY-SA with attribution