Reputation: 39
I am working on an online publication subscription site. I developed it in ASP.NET MVC 1.
Basically, the user purchases a magazine or newspaper and the path to that publication becomes available to them. However, the catch-22 is that they are not allowed to see the filepath to the publication, as this will be unsecured.
I've built a function that can retrieve the publication and download it without showing the filepath to the user, but this is a problem because the publication is an HTML file that needs other files and folders in the same directory to view the magazine or newspaper.
I know you might say to download the entire directory folder, but this is unreasonable as it can be up to 200MB. I thought maybe retrieving the filepath and then redirecting to a page that will load the publication in an iframe but I think this will be a security risk as well as anyone with a bit of knowledge of browsers can view the source and get the filepath from there.
If anyone has a suggestion of a secure way to retrieve an HTML file and display it in the browser, any help would be appreciated. Thanks.
Upvotes: 0
Views: 480
Reputation: 608
Easy! Store your secret urls in a database table, and reference them by ID instead.
Set up a new Controller action as follows:
    // Requires: using System.Linq; using System.Net; using System.Web.Mvc;
    public ContentResult ShowNewspaper(long Id) {
        // Grab the URL entry from the database
        var mySecretURL = db.SecretURLs.Where(k => k.Id == Id).FirstOrDefault();
        string htmlCode = "";
        if (mySecretURL != null) {
            // Fetch the HTML server-side so the stored URL never reaches the browser
            using (WebClient client = new WebClient()) {
                htmlCode = client.DownloadString(mySecretURL.URL);
            }
        } else {
            htmlCode = "Page not found!";
        }
        return Content(htmlCode, "text/html");
    }
So now if you call:
mysite.com/Home/ShowNewspaper/5
This will load the HTML at the URL stored in the database for record 5.
You could also go a step further and check to see whether or not this controller action was called from your site (as opposed to directly) by checking the Referrer.
Hope this helps...
Edit: You could also store the "Authorised User ID" in the database record too, and check so that it is only accessible if the ID matches the currently logged in user ID, to prevent unauthorised access to this controller action and therefore the magazine... if not, redirect them to a login screen with
return Redirect("/MyLoginURL");
Upvotes: 1
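An added example (not code from the answer above) that combines the ID lookup and the logged-in-user check with the question's requirement that the publication's HTML can still load its sibling files: one action serves every asset of a purchased publication from a folder outside the web root and rejects paths that escape that folder. `IPublicationStore`, the `D:\PublicationStore` root, the route and the `index.html` entry page are assumptions, and `MimeMapping` requires .NET 4.5 or later.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.Mvc;

// Hypothetical lookup: returns the publication's folder name only if this user
// has purchased it, otherwise null.
public interface IPublicationStore
{
    string GetFolderForUser(long publicationId, string userName);
}

[Authorize] // anonymous requests are redirected to the login page
public class PublicationController : Controller
{
    // Assumed storage root, outside the web root so it is never served directly.
    private const string Root = @"D:\PublicationStore";
    private readonly IPublicationStore store;
    public PublicationController(IPublicationStore store) { this.store = store; }

    // Assumed route: "Publication/{id}/{*assetPath}" mapped to this action, so the
    // relative links inside the publication's HTML resolve back to this action.
    public ActionResult Show(long id, string assetPath)
    {
        string folder = store.GetFolderForUser(id, User.Identity.Name);
        if (folder == null) // same response for "does not exist" and "not purchased"
            throw new HttpException(404, "Not found");
        if (string.IsNullOrEmpty(assetPath)) // assumed entry page name
            return RedirectToAction("Show", new { id = id, assetPath = "index.html" });

        string fullPath = ResolveInside(Path.Combine(Root, folder), assetPath);
        if (fullPath == null || !System.IO.File.Exists(fullPath))
            throw new HttpException(404, "Not found");
        return File(fullPath, MimeMapping.GetMimeMapping(fullPath));
    }

    // Canonicalise the requested path and reject anything that leaves baseDir,
    // such as "..\..\web.config" or an absolute path.
    public static string ResolveInside(string baseDir, string relative)
    {
        string prefix = Path.GetFullPath(baseDir).TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
        string candidate;
        try { candidate = Path.GetFullPath(Path.Combine(prefix, relative)); }
        catch (Exception) { return null; } // invalid characters or malformed path
        return candidate.StartsWith(prefix, StringComparison.OrdinalIgnoreCase) ? candidate : null;
    }
}
```

The browser only ever sees URLs of the form `/Publication/5/css/style.css`; the folder name and storage root stay on the server.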
Reputation: 68526
Connect via SFTP to the remote server (where all the publication files reside) through C#. [This link shows how to connect to SFTP and download the file through C#.Net] and download the file to your end to a random-number generated folder. Now, you can serve the file to the end-user.
Upvotes: 0