-3

I have a file which I would like to access from my computer using a program, not a browser. But I don't want anyone else to be able to see it. So I want to send a password along with the request.

How do I set the file up to require a password? (Any type of file. Not necessarily a web page which has a codebehind.)

I searched, but all I could find is instructions about setting up login pages. That's not what I want.

EDIT

I see posts like Using HTTP Authentication with a C# WebRequest which use NetworkCredential - But it seems that to use Basic Authentication, one needs to use a Windows User account. This is not secure. Is there a way to create a password (+ username if needed) only for a specific file or folder ?

Community
  • 1
  • 1
ispiro
  • 26,556
  • 38
  • 136
  • 291
  • 1
    You could set your web server to basic http authentication and then use the `HttpWebRequest` or `WebClient` class to access it: http://stackoverflow.com/questions/707888/using-http-authentication-with-a-c-sharp-webrequest – Hinek May 26 '14 at 11:34
  • @Hinek That's exactly what I want to do - But the link only shows how to _access_ it with a password. How do I set up the page to require it? – ispiro May 26 '14 at 11:35
  • What kind of web server are you using? IIS? Apache? – Hinek May 26 '14 at 11:36
  • @Hinek IIS.​​​​​​​​​​​​​​​​​​​​​​​​​ – ispiro May 26 '14 at 11:36
  • @CloseVoters - Care to explain why? – ispiro May 26 '14 at 11:39
  • In IIS Manager select the folder that contains your file, double click Authentication and disable Anonymous + enable Basic. Then go back and double click Authorization Rules, remove All Users and add your user ... basically. – Hinek May 26 '14 at 11:42
  • @Hinek Thanks. But I'm still looking for simple password protection - not user-based protection. – ispiro May 26 '14 at 11:47
  • I think you should detail your question ... so far, no one (including me) understands what you want to know. Where is the difference if your program submits a username and a password or just the password? – Hinek May 26 '14 at 11:56
  • @Hinek Thanks for all the input. I don't care if I have to send a username. I just thought that you were referring to creating a new Windows login username. (Because "Authorization rules" _doesn't have_ any place for a password.) Now I found what (I assume) you were referring to - which is ASP.net -> Users. Unfortunately, this is a hosted website and I'm getting an "the configuration section for this feature has been locked and is read-only" error. You can convert your comment to an answer, though. It seems to be exactly what I've been looking for. – ispiro May 26 '14 at 13:18

2 Answers2

1

You need some sort of authentication mechanism on the server.

There are a few possibilities:

  1. Pass around username/password in the header of the request (make sure to use HTTPS and probably hash the password);
  2. Use the user agent to 'check' what / who it is (less recommended, easy to forge).

I would go for 1:

HttpWebRequest wr = (HttpWebRequest)HttpWebRequest.Create("url");
wr.Headers["username"] = ...

On the server end, use a HttpHandler or something like that to check access to the file and pass the right one to it.

Patrick Hofman
  • 153,850
  • 22
  • 249
  • 325
  • Thanks. That sounds like a good idea. – ispiro May 26 '14 at 11:36
  • +1. But I would still like a simpler answer that will work for an arbitrary file type. – ispiro May 26 '14 at 11:42
  • Then set up regular authentication, like proposed in the comments. This will however give you no extra control then just the password-checking. – Patrick Hofman May 26 '14 at 11:44
  • Thanks. But I'm looking for simple password protection, not user-based protection. – ispiro May 26 '14 at 11:48
  • 1
    This answer will serve that purpose as well. Instead of the words "username/password", use the words "application key/pin". Now its no longer user-based as you will pass that only from your "app". – Abhitalks May 26 '14 at 12:00
1

You could set your web server to basic http authentication and then use the HttpWebRequest or WebClient class in the client program to access it: Using HTTP Authentication with a C# WebRequest

On the server: In the IIS Manager select the folder that contains your file, then:

  • configure Authentication (disable Anonymous + enable Basic)
  • create a user
  • configure Authorization Rules (remove All Users and add your user)

Maybe this question helps you, too: How do I create a user account for basic authentication?

Community
  • 1
  • 1
Hinek
  • 9,519
  • 12
  • 52
  • 74
  • +1. Thanks. From [an answer to the question that you linked to at the end](http://stackoverflow.com/questions/5373497/how-do-i-create-a-user-account-for-basic-authentication/22513386#22513386) , it seems that what I'm looking for is impossible - The only way to have a file behind a password is by adding a Windows user account. – ispiro May 26 '14 at 13:37