Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
691 views
in Technique[技术] by (71.8m points)

flash - How to secure access to SWF file using ASP.NET?

We have a swf file that we want to secure and make available only to authorized users.

I embedded the file in an aspx page and that works fine, since ASP.NET handles the aspx page, I can use ASP.NET authorization features and in the web.config restrict the access to roles="AllowedUsers" for example.

However smart users could still get to the file by accessing directly for example www.mysite/flash.swf. We want to make that kind of access secure.

Any help would be greatly appreciated!

Thanks!

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Aristos,

You were right. Last afternoon just before I went home I tried creating a custom HTTP handler. And it worked nice. :-) Thanks for answering +1

public class CustomFlashHandler : IHttpHandler
{

public void ProcessRequest(HttpContext context)
{
  if (!context.User.Identity.IsAuthenticated)
  {
    context.Response.Redirect("Default.aspx?ReturnUrl=%2felVideo.aspx");
    context.Response.StatusCode = 401;
    return;
  }

  var url = context.Request.CurrentExecutionFilePath;

  if (string.IsNullOrEmpty(url)) return;

  HttpContext.Current.Response.ClearContent();
  HttpContext.Current.Response.ClearHeaders();
  HttpContext.Current.Response.AddHeader("Content-Disposition", string.Format("filename={0}", url));
  HttpContext.Current.Response.AddHeader("Content-Type", "application/x-shockwave-flash");
  HttpContext.Current.Response.WriteFile(url);
  HttpContext.Current.Response.End();
}

public bool IsReusable
{
  get { return false; }
}

}

Like Aristos said, you have to map ASP.NET to handle .swf files in IIS.

alt text http://www.freeimagehosting.net/uploads/30424ac60a.png

Then add the custom mapping in the application's web.config

<httpHandlers>
  <add verb="*" path="*.swf" type="XXXXX.Web.XXXXX.CustomFlashHandler" validate="false" />
</httpHandlers>

1: href=http://www.freeimagehosting.net/>http://www.freeimagehosting.net/uploads/30424ac60a.png

1: a href=http://www.freeimagehosting.net/>http://www.freeimagehosting.net/uploads/30424ac60a.png border=0 alt="Free Image Hosting">


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...