question

nachoshaw-9496 avatar image
0 Votes"
nachoshaw-9496 asked XuDongPeng-MSFT answered

password protected download

Hey

i am currently downloading some update files for our custom application from an open obscured web location. Ive been asked if i can make it more secure. Im thinking either a web service or some sort of password protected method of downloading. I do see that the My.Computer.Network.DownloadFile has an option to pass a username and password as args but i couldnt find much about how to implement that.

So, whats a good solution? Are there any web services examples out that that i can look at?


Thanks

dotnet-aspnet-webpages
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @nachoshaw-9496 ,
Could you please describe in more detail which step you are having trouble with?
For information on how to use My.Computer.Network.DownloadFile, you can refer to the documentation below.
To download a file, supplying a user name and password


0 Votes 0 ·
nachoshaw-9496 avatar image
0 Votes"
nachoshaw-9496 answered

Hi

I can download, i just need to make it more secure. I get that you can pass a username & password using the method i called out but there doesnt seem to be any documentation that explains how to handle the username & password in order to secure the download. for example: the link you provided shows a text file download with a username=anonymous and a blank password but using the exact same method, you can bypass the username 7 password entirely which doesnt make it secure.

So im looking for a solution of either

how to handle the protection of a download using a username & password that cannot by bypassed by skipping the credentials
how to implement a webservice that i can use to validate a user and permit the download.

I found a range of webservices but nothing really explains how to implement it on the webserver



Thanks

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

XuDongPeng-MSFT avatar image
0 Votes"
XuDongPeng-MSFT answered

Hi @nachoshaw-9496,

Based on your description, I think what you want to implement is to manually enter account info for authentication every time you download a file, right? Or do you just need to make sure that all files can be downloaded after once authentication?

  1. The first case:

    You may need to customize a similar modal window to enter account info for users, and then pass these info through the request(e.g. button click event) to the backend for authentication. Finally return the result.

  2. The second case:

    You just need to make sure the user is logged into the application before downloading the file. When a user tries to download a file, you can get the context of the HttpRequest, and determine the user's login status and return different results accordingly. For example, when the user is not logged in, just redirect to the login page.

In addition, I'm not sure the custom application you mentioned. If it is a .NET MVC project, you could also implement your requirement via Authorize attribute. Just add it on download file action method. Something like this:

<Authorize(Roles:="Administrators")> _
    Function DownladFile()
        Return View()
    End Function

For more details, you could refer to this doc ( for VB.NET): Authenticating Users with Forms Authentication (VB).

Of course, exactly which method you use to implement it is up to you, or your specific needs and actual situation. But if I have any misunderstanding about this issue, just let me know.

Best regards,
Xudong Peng


If the answer is the right solution, please click "Accept Answer" and kindly upvote. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.