+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / Unable to secure Pdfs uploaded in Documents & Files

Unable to secure Pdfs uploaded in Documents & Files

9 posts, 0 answered
  1. Nirav
    Nirav avatar
    8 posts
    Registered:
    24 Jun 2013
    27 Jun 2013
    Link to this post
    Hi all,

    I uploaded pdfs from Content > Documents & files. I show these pdfs to front end website when someone search the pdfs. The url of uploaded pdf is something like this: 

    http://localhost:11111/docs/default-source/default-document-library/mypdf.pdf

    I want to develope like when someone click on the link user must be redirect to my custom login page. And after login my custom user will be able to see same pdf.

    For it i created my custom httphandler and code is below:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;

    namespace SitefinityWebApp.App_Code
    {
        /// <summary>
        /// Summary description for CustomPdfHandler
        /// </summary>
        public class CustomPdfHandler : IHttpHandler, System.Web.SessionState.IRequiresSessionState
        {

            public void ProcessRequest(HttpContext context)
            {
                if (context.Session["UserName"] == null)

                //if (!context.User.Identity.IsAuthenticated)
                {
                    context.Response.Redirect("/login?ReturnUrl=" + HttpContext.Current.Request.RawUrl.ToString());
                    context.Response.StatusCode = 401;
                    return;
                }

                var url = context.Request.CurrentExecutionFilePath;

                if (string.IsNullOrEmpty(url)) return;

                HttpContext.Current.Response.ClearContent();
                HttpContext.Current.Response.ClearHeaders();
                HttpContext.Current.Response.AddHeader("Content-Disposition", string.Format("filename={0}", url));
                HttpContext.Current.Response.AddHeader("Content-Type", "application/pdf");
                HttpContext.Current.Response.WriteFile(url);
                HttpContext.Current.Response.End();
            }

            public bool IsReusable
            {
                get
                {
                    return false;
                }
            }
        }
    }


    I added below line in <httphandlers>

    <add verb="*" path="*.pdf" type="SitefinityWebApp.App_Code.CustomPdfHandler, App_Code" validate="false"/>

    And below line in <handlers>

    <add name="PdfRestrict" path="*.pdf" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" preCondition="classicMode,runtimeVersionv4.0,bitness32"/>


    The code works fine with static pdf link that i added in visual studio in doc folder mypdf.pdf but not working with pdf i uploaded in Documents & Files !!

    Please help me asap.. It is very urgent..

    Kind Regards,
    Nirav.
  2. Jonathan
    Jonathan avatar
    119 posts
    Registered:
    19 Dec 2012
    27 Jun 2013 in reply to Nirav
    Link to this post
    So using the Sitefinity link builder the handler is not getting fired off?
  3. Nirav
    Nirav avatar
    8 posts
    Registered:
    24 Jun 2013
    28 Jun 2013 in reply to Jonathan
    Link to this post
    Jonathan,

    Yes and i want to fire it off and provide some other solution if it is available to secure pdf from front end users and redirect it to custom login page when click on link of pdf in sitefinity search result widget links.

    Kind Regards.
  4. Nirav
    Nirav avatar
    8 posts
    Registered:
    24 Jun 2013
    29 Jun 2013 in reply to Nirav
    Link to this post
    Mrakr my words that I have custom table of my users. I want my users to open pdf not the users from sitefinity backend..!!

    Hope i will find the solution.

    Kind Regards,
    Nirav Golani. 
  5. Stanislav Velikov
    Stanislav Velikov avatar
    1113 posts
    Registered:
    22 Sep 2016
    02 Jul 2013
    Link to this post
    Hi,

    The http handler is one way to handle all .pdf requests and register the handler in web.config
    <add name="RestrictPdfs" verb="*" path="*.pdf" type="SitefinityWebApp.App_Code.YourCustomHandler, App_Code" resourceType="Unspecified" />

    Please take a look at the following article for handler registration in different versions of IIS.
    The handler will handle cases when any .pdf file is requested by user.
    As an alternative if you are using the download list widget from sitefinity to display a list of pdfs add logic to the widget template for download list widget that will redirect the user upon clicking a link to view pdf, here is a blog post that explains how to perform modifications to existing widgets or if this is not the case let me know how how are the pdf files displayed on the site, in a custom control or sitefinity download list widget.

    Regards,
    Stanislav Velikov
    Telerik
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  6. Nirav
    Nirav avatar
    8 posts
    Registered:
    24 Jun 2013
    03 Jul 2013 in reply to Stanislav Velikov
    Link to this post
    Stanislav,

    Thanks for the reply.

    I registerd the handler as you suggested in integrated mode. But still i can't handle pdf files. I display all the pdf files in search results widget. What i want is to when some one search pdf file in search widget, Site will display pdf. I did this, But now when someone click on the link of pdf in search results widget it must handle the handler and redirect me to my custom login page.

    Here is the web.config code i used in <handlers> section

    <add name="PdfRestrict" path="*.pdf" verb="*" type="SitefinityWebApp.App_Code.CustomPdfHandler, App_Code" resourceType="Unspecified" />

    Am i missing something or what ? because still i am unable to handle pdf files.

    Thanks in advance and Regards,
    Nirav Golani.
  7. Theodore
    Theodore avatar
    6 posts
    Registered:
    02 Mar 2012
    30 Oct 2013
    Link to this post
    Did you ever find a way to secure Files and documents?  I was just notified that people were able to google search and find our docuements and download them.  Very insecure.  I need a way to lock them down so only certain roles can access them.
  8. Stanislav Velikov
    Stanislav Velikov avatar
    1113 posts
    Registered:
    22 Sep 2016
    04 Nov 2013
    Link to this post
    Hello,

    This can also be achieved using the events for media content in sitefintiy, refer to this documentation and the event IMediaContentDownloadingEvent which is fired when a document or other media has started download.
    Here the event can handle download of specific files as in the event arguments all document/image/video data is present and the document can be checked as well as the current user and perform redirects to a registration page if needed.

    Stanislav Velikov
    Telerik
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  9. Shelly
    Shelly avatar
    0 posts
    Registered:
    17 Nov 2015
    30 Aug in reply to Stanislav Velikov
    Link to this post

    Hello Stanislav. Thank you for your response to our questions. I see that your latest post on this was from November 2013. Is the IMediaContentDownloadingEvent still the best way to secure files accessed from password-protected pages on a Sitefinity website? The goal is to prevent users from copying/pasting the document URL into an email or another browser session, thereby bypassing the login requirement when the link is accessed from a secure page. Also of course, to prevent Google from indexing the files as Theordore mentioned.

     

    Shelly Ryder

9 posts, 0 answered