1

In my project i have a Upload folder where the user upload the video file and then view it form this folder through HTML5 Video player. But if a authentic user browse www.mysite.com/Upload/videofilename.mp4 then Video also be displayed. i want to restrict direct access of Video folder. Is there any way?

himadri
  • 626
  • 5
  • 19

2 Answers2

4

You have to set hiddenSegments in your web config for your Upload folder. You can also set it through IIS. YourSite > Request Filtering > Hidden Segments. Once you set hidden segments, anyone can't access file using url.

Webconfig

 <security>
      <requestFiltering>
        <hiddenSegments>
          <add segment="Upload"/>
        </hiddenSegments>
      </requestFiltering>
    </security>

View Page

<video width="320" height="240" controls>    
    <source src="@Url.Action("GetMedia","Home")" type="video/mp4" />
</video>

Code

    [Authorize]
    public ActionResult GetMedia()
    {
        string fn = Server.MapPath("~/Upload/1.mp4");
        var memoryStream = new MemoryStream(System.IO.File.ReadAllBytes(fn));
        return new FileStreamResult(memoryStream, MimeMapping.GetMimeMapping(System.IO.Path.GetFileName(fn)));
    }
Divyang Patel
  • 920
  • 1
  • 8
  • 15
  • Thanks...It Works... But One Question. Does this approach take long time for large video file as in this code you read the video file at memory stream. So for large video file do it take long time...Again is it send byte to HTML5 Video player Asynchronously or Send all byte at a time? Any Idea? – himadri Sep 26 '18 at 04:00
  • Yes...I tested With large Video file... and as g uess it takes long time to Load..We have to find way to push Output stream Asynchronously.... – himadri Sep 26 '18 at 05:44
  • I tested with 1gb video,Page load is quick but found a problem with async of video because of slow write speed of memory stream. You can use **blob** url to optimize load time. Refer [this](https://stackoverflow.com/questions/9756837/prevent-html5-video-from-being-downloaded-right-click-saved) link. It may be helpful for you. – Divyang Patel Sep 27 '18 at 13:21
  • I tested with blob url. It works fine at Edge and Firefox. but chrome give the error blob:http://localhost/a130e290-5ea0-42af-bb53-604db84943d8 net::ERR_FILE_NOT_FOUND – himadri Sep 28 '18 at 09:45
  • 1 for IIS hidden segments – Behzad Hassani Sep 25 '22 at 10:32
0

You have two options:

Option 1:

Use the IgnoreRoute statement in the RegisterRoute method of your RouteConfig class. Example: 

public RouteConfig
{
    public static void RegisterRoutes(RouteCollection routes)
    {
        routes.IgnoreRoute("yourRoute");
    }
}

Reference: https://www.c-sharpcorner.com/UploadFile/f82e9a/ignore-route-in-mvc/

Option 2:

Deny de access to all user in your Asp.NET web.Config. Exmaple:

<location path="yourPath">
     <system.web>
        <authorization>
           <deny users="*"/>
        </authorization>
     </system.web>
 </location>

Reference: Asp.net MVC Routing - Preventing a route to an XML file with a constraint

bucyDev
  • 142
  • 8