Displaying media from another server where the client has no permission (asp.net)

My web page (asp.net) is supposed to show a table of very classified media, and then to open the files in a new window when clicked.

When I place the media locally on a folder on the IIS server and link to the files there, it works fine. But the security consultant did NOT allow it in any way(!). He says it means that the end user has access to the media folder, and since all of the files (of all the other users) are in the same folder he can potentially see all the other media.

His solution was to store all the media on another file server, where the client has no access, and the web page would show the media from there (without giving the client any permission on that other file server). So basically, the IIS server would be like a middle man between the client and the media.

That brings 2 issues:

  1. A direct link (full path) to the file server media doesn't show anything (even though if I create a simple html page via notepad, with the same links, it does work). Maybe asp.net doesn't allow full network paths for some reason?

  2. I still need the users to open the media in a new window when the media is clicked. Right now it works with a Href link to the local file location. How can I do it once the files are not stored locally?

I searched around and people suggested creating a virtual domain from the DNS server, so that instead of "\fileserver\shareName", it would change to "www.fakedomain.com\shareName". That didn't seem to work either.

What is the best practice when trying to show media from another server? I really hope I managed to explain the situation correctly...

There are 1 answers

Albert D. Kallal On

Well, keep in mind that web-based URL's often map to a web folder in your root.

However, code behind has no such restrictions.

So, as long as the web server can reach out to the files/folders on the other server, then code behind can "transmit" the file to the end user, and no security hole exists. Furthermore, if the database listing of the files is restricted to the one user, or based on some other criteria?

So, say I have these two files and the listing of files is based on the user's logon:

So, above is just a simple listview (or you could have a grid view), it doesn't really matter.

However, when you click on the image to download that file?

The code behind gets the information from the database, and then "transmits" the file to the end user. (They get a standard file download).

Remember, the code behind is windows code, and that code can open + read any file on your network that the web server can reach out to.

So, the code behind for that click looks like this:

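    ' sender is the ImageButton that was clicked; its NamingContainer is the ListView row
    Dim btnLink As ImageButton = DirectCast(sender, ImageButton)
    Dim lvRow As ListViewDataItem = DirectCast(btnLink.NamingContainer, ListViewDataItem)

    ' The PK comes from the server-side DataKeys, not from client markup
    Dim ID As Integer = CInt(ListView1.DataKeys(lvRow.DisplayIndex).Item("ID"))
    Dim cmdSQL As New SqlCommand("SELECT * FROM WebUpLoad WHERE ID = @ID")
    cmdSQL.Parameters.Add("@ID", SqlDbType.Int).Value = ID
    ' MyrstP is the author's own helper (not shown); its result is used as a DataTable
    Dim lvDataRow As DataRow = MyrstP(cmdSQL).Rows(0)

    Dim strInternalFile As String = lvDataRow("InternalFileName").ToString()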

So, note how the listview (or GridView) DOES not expose the PK row id (you use datakeys to avoid having the PK id exposed to client markup).

We then get the file name from the database.

Then we send the file to the browser (as a download).

    If File.Exists(strInternalFile) Then

        Dim iFileInfo As New FileInfo(strInternalFile)

        ' Content type is derived from the file extension
        Dim strConType As String = MimeMapping.GetMimeMapping(strInternalFile)

        Response.Clear()
        Response.ContentType = strConType
        Response.AppendHeader("Content-Length", iFileInfo.Length.ToString)
        Response.AppendHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(strInternalFile))
        ' The web server reads the file itself and streams it to the browser
        Response.TransmitFile(strInternalFile)
        Response.End()

    Else
        ' File not found (this branch is not shown in the post)
    End If

So, code behind can use TransmitFile(). And code behind is not restricted to using URL path names, but can read + open any file on the same network as the web server.

So, without question, the recommendation to never use, and never have URL's that map to files? That is correct, and is a large security hole.

The only requirement is that the web server user "context" requires file rights to that other server. You can create a non-domain logon for this purpose, and thus you will require a logon on that other server of the same name + password.

It is not clear if each user has their own folder, or as they upload files, or whatever, then some database rows are available.

However, as above shows, you don't want to create nor allow web URL's that map out to the other "secure" server with those files. While the web site and URLs are limited to the folders for that web site, code behind has no such limitations, and code behind is free to read and "transmit" out any file based on any valid path name. The end result is no public guessing or trying of URL's exist nor are mapped to the files on that other server.
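
An added example, not code from the answer above: the same "web server as middle man" idea written as a generic handler (`Media.ashx`) that serves the file inline, so an ordinary `target="_blank"` link opens it in a new window. It goes beyond the answer by checking that the row belongs to the logged-on user and that the stored path stays inside the share; the `OwnerName` column, the `MediaDb` connection string and the `\\fileserver\shareName\` root are assumptions.

```vbnet
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Imports System.IO
Imports System.Web

' Added example. MediaRoot, MediaDb and the OwnerName column are assumed names.
Public Class MediaHandler
    Implements IHttpHandler
    Private Const MediaRoot As String = "\\fileserver\shareName\"

    Public Sub ProcessRequest(context As HttpContext) Implements IHttpHandler.ProcessRequest
        Dim fullPath As String = ResolveForCaller(context)
        If fullPath Is Nothing Then
            context.Response.StatusCode = 404 ' same answer for "missing" and "not yours"
            Return
        End If
        context.Response.ContentType = MimeMapping.GetMimeMapping(fullPath)
        context.Response.AppendHeader("X-Content-Type-Options", "nosniff")
        ' inline (not attachment) lets the browser render the media in the new window
        context.Response.AppendHeader("Content-Disposition",
            "inline; filename=""" & Path.GetFileName(fullPath) & """")
        context.Response.TransmitFile(fullPath)
    End Sub

    Private Shared Function ResolveForCaller(context As HttpContext) As String
        Dim id As Integer
        If Not context.Request.IsAuthenticated OrElse
           Not Integer.TryParse(context.Request.QueryString("id"), id) Then Return Nothing
        ' The row must belong to the caller, so a guessed id matches nothing.
        Dim fileName As String
        Using conn As New SqlConnection(ConfigurationManager.ConnectionStrings("MediaDb").ConnectionString),
              cmd As New SqlCommand("SELECT InternalFileName FROM WebUpLoad " &
                                    "WHERE ID = @ID AND OwnerName = @Owner", conn)
            cmd.Parameters.Add("@ID", SqlDbType.Int).Value = id
            cmd.Parameters.Add("@Owner", SqlDbType.NVarChar, 256).Value = context.User.Identity.Name
            conn.Open()
            fileName = TryCast(cmd.ExecuteScalar(), String)
        End Using
        If fileName Is Nothing Then Return Nothing
        ' Canonicalise the stored path and confirm it is still under the share root.
        Dim fullPath As String = Path.GetFullPath(fileName)
        Return If(fullPath.StartsWith(MediaRoot, System.StringComparison.OrdinalIgnoreCase) AndAlso
                  File.Exists(fullPath), fullPath, Nothing)
    End Function

    Public ReadOnly Property IsReusable As Boolean Implements IHttpHandler.IsReusable
        Get
            Return False
        End Get
    End Property
End Class
```

The page would then link to `Media.ashx?id=...` with `target="_blank"`; the id is visible in the URL, but the ownership check in the query means another user's id returns 404.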