0

I'm building an ASP.NET C# website, one of the files contains Word Docs and PDF files which I want to block access to, unless they know the password. I tried the FileIOPermission Class using full path and relative path with no luck. 

FileIOPermission f2 = new FileIOPermission(FileIOPermissionAccess.NoAccess, @"resources");
f2.AddPathList(FileIOPermissionAccess.NoAccess | FileIOPermissionAccess.NoAccess, @"resources");
try
{
    f2.Demand();
}
catch (SecurityException s)
{
    //Console.WriteLine(s.Message);
}

Response.Redirect(@"resources/20019_05_05_DOCS.zip");

I am testing the code, expecting to get access denied, but I can still access the files in the resource folder . Thank you.

Danilo Körber
  • 858
  • 1
  • 7
  • 27
Basil Cabrera
  • 43
  • 4
  • 2
    Is this a duplicate of this prior question here? https://stackoverflow.com/q/26968328/125981 or this one https://stackoverflow.com/q/6822173/125981 Or, even this one https://stackoverflow.com/q/528858/125981 So, perhaps you simply need to put the file in the proper folder? – Mark Schultheiss Jul 04 '19 at 18:57
  • Thank you for the links, however, I don't want the files permanently hidden. I want the files to default hidden, provide password allow access, then hide them again. – Basil Cabrera Jul 05 '19 at 17:50
  • It sounds as if you want a authorization filter - 'Authorization (preventing access to resources a user isn't authorized for)' in combination with a resource filter which runs after that... here is an overview https://learn.microsoft.com/en-us/aspnet/core/mvc/controllers/filters?view=aspnetcore-2.2 – Mark Schultheiss Jul 05 '19 at 20:12

1 Answers1

0

this is how I solved this problem.

Hide your files in App_Data.
If user's password is correct,
fetch the file using byteArray = System.IO.File.ReadAllBytes(filepath)
Provide the doc using return new FileContentResult(byteArray, MimeType);

the end

Basil Cabrera
  • 43
  • 4