I want to restrict users to access files using URL absolute path (authenticated and not).
Users wont be able to access a CSS or Js file (for example entering http://codeproject.com/css_folder/something.js).
Obviously I cant deny access on web.config because if I do that the JS are not executed (for authenticated users).
So I'm thinking on an approach through some code. Something like this:
string path = Request.Url.AbsoluteUri;
string strExt = System.IO.Path.GetExtension(path);
Response.Write("here: " + path);
Response.Write(" test: " + strExt);
if (!System.IO.Path.IsPathRooted(path))
{
if ((strExt == ".css") || (strExt == ".js"))
{
Response.Redirect("notas.aspx");
But that's not working. And is natural, because when we enter absolute path there's no more server side code processed on that page.
From what I searched the solution is using a HttpHandler to build CSS and JS, and then change authorization on those handlers.
I did on web.config
<httpHandlers>
<add verb="*" path="css/*.css" type="handler.MyHttpHandler, handler" />
<add verb="*" path="Script/*.js" type="handler.MyHttpHandler, handler" />
</httpHandlers>
and created a class Myhhtphandler
<pre lang="cs">
public class MyHttpHandler : IHttpHandler, IReadOnlySessionState
{
public void ProcessRequest(HttpContext context)
{
context.Response.Redirect("/login.aspx?retUrl=" + context.Request.RawUrl);
}
public bool IsReusable
{
get { return false; }
}
}
I have two problems: I dont know if this correct, and I get an error "could not load file or assembly 'handler' or one of its dependencies. The system cannot find the file specified."
Sorry if the solution is too obvious, but I honestly dont know.
EDIT: I created a web.config dedicated on css folder a placed html handlers, this way I dont get errors but I still can access the css file through URL absolute path.
EDIT2:
Now using as simple as that: MyHttpHandler.cs:
using System.Web;
using System.Web.Security;
using System.Web.UI;
namespace test
{
public class MyHttpHandler : IHttpHandler
{
public void ProcessRequest(HttpContext context)
{
context.Response.Redirect(
"~/Downloads/Files/AccessDenied.aspx");
}
public bool IsReusable
{
get
{
return true;
}
}
}
}
css/web.config:
="1.0"
<configuration>
<system.web>
<httpHandlers>
<add verb="*" path="*.css"
type="test.MyHttpHandler"/>
</httpHandlers>
</system.web>
</configuration>
Still dont work.