0

I am basically trying to design a controller action that will return a file if accessed on a page but won't if someone tried to go directly to the URL or hotlink it.

I saw something like this, but it didn't work for me C# 4

Page page = HttpContext.Current.Handler as Page;

if (page != null)
{
 // Use page instance.
}

I also tried using HttpContext.CurrentHandler, but with no luck either. Any help you could give would be appreciated.

tereško
  • 58,060
  • 25
  • 98
  • 150
dreadlocks1221
  • 90
  • 1
  • 11

2 Answers2

0

I think it could help you:

How to prevent image hotlink from your ASP.NET site?

Community
  • 1
  • 1
Alex Yaroshevich
  • 78
  • 4
  • I have a media player on a page that will be requesting the files. I am trying to do something in the back end to make it harder to grab the files. (I know nothing is ever 100%, but I need something that makes it harder for the average person who can atleast read the source code) – dreadlocks1221 Aug 17 '12 at 15:47
0

Usual check is to see if referrer is set to something of your liking - check HttpRequest.UrlReferrer.

More robust check is to generate "random" url to the file or add query parameter that only your page can provide (i.e. hash of current time + secret value known only to the server):

/Files/Special.txt?openvalue=2012-08-17&hash=HASHVALUE

where HASHVALUE is computed (i.e. SHA256) based on concatenation of "openvalue" and some secret data (i.e. "2012-08-17" + "secretetext").

This way you can verify if links are generated by your page and age them out if necessary.

Alexei Levenkov
  • 98,904
  • 14
  • 127
  • 179
  • I'm open to this idea, For the random url what would be the best way to handle it though so that I can tell the difference of someone copying it into their browser or even another page (if just for that day). I will check out the URLreferrer, that may be what I'm looking for. – dreadlocks1221 Aug 17 '12 at 15:58
  • I think for browser issued GET requests checking referrer is pretty much all you can do: there is no other information except Url + referrer + cookies. Since cookies are per domain, so if Url pasted in the same browser session it will still come with the same cookies as if sent from original page. Expiring access to content will help with pasting links, but not much with checking if it come from the page... – Alexei Levenkov Aug 17 '12 at 16:18