15 October, 2009

Detect local Server to Server Request in C#.NET

In my current project, I needed to secure file access.

Not any file, but one file that could return any file that users have uploaded to the application!

When Users try to access such an URL, let's say http://myapps/getFile.ashx?idFile=123, I chek the user right to see/access the file. If the user couldn't access the file, I just respond "You don't have access to this file" instead of the file Stream.

For some reason, somewhere else in my app, I need to make an internal WebRequest to a file through getFile.ashx. The problem is I can't get the file because my app is not a granted user for that file.

I need a way for getFile.ashx to know that it's the app itself that make a WebRequest to access the file and thus should be granted.

After some diggin, I found the bool
context.Request.IsLocal
that garantee that the WebRequest is internal.

So getFile either check the user right or evaluate IsLocal and give access if True.

1 comment:

Anonymous said...

Il semble que vous soyez un expert dans ce domaine, vos remarques sont tres interessantes, merci.

- Daniel