Not any file, but one file that could return any file that users have uploaded to the application!
When Users try to access such an URL, let's say http://myapps/getFile.ashx?idFile=123, I chek the user right to see/access the file. If the user couldn't access the file, I just respond "You don't have access to this file" instead of the file Stream.
For some reason, somewhere else in my app, I need to make an internal WebRequest to a file through getFile.ashx. The problem is I can't get the file because my app is not a granted user for that file.
I need a way for getFile.ashx to know that it's the app itself that make a WebRequest to access the file and thus should be granted.
After some diggin, I found the bool
context.Request.IsLocalthat garantee that the WebRequest is internal.
So getFile either check the user right or evaluate IsLocal and give access if True.
1 comment:
Il semble que vous soyez un expert dans ce domaine, vos remarques sont tres interessantes, merci.
- Daniel
Post a Comment