Content Repository - Security

C

Champika Nirosh

Hi All,

I am developing a Content Repository to store some html pages (htmls have
some embadded resources such as images)

I keep all the html files and their resources away form the wwwroot, when a
logged-in user requested for a particular html page.. I get the location of
that html file from the DB and send it to the user while copying all the
embadded resources belong to this file in to another temp folder in wwwroot.
I re-write all the reference link of these images in the html file to match
with the new location.. there when user try to see the html with their
browser they see the embadded resource as well.. but if the user right click
on a embaded resource and copy the URL (resource link) and later even after
he logged out, he can use the same copied URL to get the image again.. since
it is there in that online folder.. Is there any better way with ACL or
anything that I can avoid this senario in ASP.NET..

Thanks,
Regards
Nirosh.
 
P

pete

Hi,

You could put some code in the Session_End which clears down all html
pages when a users session ends. The only trouble there is you would
have to keep track of what files each user has viewed. Plus, if more
than one user views the same file it will get very tricky.

If you are using windows integrated security you could always put the
html "store" within your WWWRoot and set the permission of the folder
so only logged on users could view the files.

Another option which would work would be instead of copying the files
to a temp folder and providing a link, read the files from their safe
location and stream the files directly to the browser (instead of
saving to disk). This wouldn't work too well with html files and
seperate images, but would be fine if you saved the html files out as
mht's.

Regards,

Peter Chadwick (MCP)
(e-mail address removed)
 
C

Champika Nirosh

Thanks for the helps... yes .. I knew these options.. plus u can have some
sperate cache folders (in WWW root) for each registered user and allow them
to cache their content in these temp folders.. but I thought that .net would
have a better way to tackle this issue... I heard that Java got a solution
called URL- rewriting or some thing... Do you know any thing some what
similar in .net

Nirosh.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

how to retrieve section CDATA from xml file 1
Content Repository 2
What does this mean(web site content) 2
Language strings 7
Search Engine 1
Language resource for component 1
wwwroot folder perms for web developer box are NOT right now? 3
AxWebBrowser show image 1

Top