How to restrict direct access to video file in asp.net MVC

Question

In my project i have a Upload folder where the user upload the video file and then view it form this folder through HTML5 Video player. But if a authentic user browse www.mysite.com/Upload/videofilename.mp4 then Video also be displayed. i want to restrict direct access of Video folder. Is there any way?

Answer 1

You have to set hiddenSegments in your web config for your Upload folder. You can also set it through IIS. YourSite > Request Filtering > Hidden Segments. Once you set hidden segments, anyone can't access file using url.

Webconfig

 <security>
      <requestFiltering>
        <hiddenSegments>
          <add segment="Upload"/>
        </hiddenSegments>
      </requestFiltering>
    </security>

View Page

<video width="320" height="240" controls>    
    <source src="@Url.Action("GetMedia","Home")" type="video/mp4" />
</video>

Code

    [Authorize]
    public ActionResult GetMedia()
    {
        string fn = Server.MapPath("~/Upload/1.mp4");
        var memoryStream = new MemoryStream(System.IO.File.ReadAllBytes(fn));
        return new FileStreamResult(memoryStream, MimeMapping.GetMimeMapping(System.IO.Path.GetFileName(fn)));
    }

Answer 2

You have two options:

Option 1:

Use the IgnoreRoute statement in the RegisterRoute method of your RouteConfig class. Example:

public RouteConfig
{
    public static void RegisterRoutes(RouteCollection routes)
    {
        routes.IgnoreRoute("yourRoute");
    }
}

Reference: https://www.c-sharpcorner.com/UploadFile/f82e9a/ignore-route-in-mvc/

Option 2:

Deny de access to all user in your Asp.NET web.Config. Exmaple:

<location path="yourPath">
     <system.web>
        <authorization>
           <deny users="*"/>
        </authorization>
     </system.web>
 </location>

Reference: Asp.net MVC Routing - Preventing a route to an XML file with a constraint