Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I restrict access to pdf files on my server?

I am using ASP.Net MVC. I have restricted access to the web site using ASP Forms authentication. However, the web pages contain links to pdf files on the server which I also want protected.

For example, the user can browse to foo.com and foo.com/account/logon. Once they logon they can access foo.com/category/bar which presents the view in bar.aspx. On that view is a link to foo.com/files/theta.pdf which loads up in the browser just fine. However, I don’t want foo.com/files/theta.pdf accessible from the browser unless the user has authenticated.

How do I prevent a user from accessing foo.com/files/theta.pdf directly from their browser without first authenticating at foo.com/account/logon?

like image 873
Jeff Rubingh Avatar asked Mar 03 '10 00:03

Jeff Rubingh


People also ask

Can you restrict access to a PDF File?

Open a file in Acrobat and choose “Tools” > “Protect.” Select whether you want to restrict editing with a password or encrypt the file with a certificate or password. Set password or security method as desired. Click “OK” and then click “Save.”

How do you add security settings to a PDF?

From the menu bar select File and choose Document Properties. Use keyboard shortcut (Ctrl + D) to open Document Properties. Within the 'Document Properties' dialog box, select the Security tab and choose the Add Security button. Select the security options you want to enable using the check-boxes and drop-down menus.

How do I turn off PDF permissions?

Open Acrobat, click on File followed by Open and then, open the desired PDF file. Click on Properties & switch to the Security tab. Now, besides the Security Method list, click on the Change Settings button. To remove all permissions from PDF, disable the Restrict editing and printing of the document.


2 Answers

Pass the request through a controller, and return a FileResult. You can apply whatever security you want to the controller method, either by using the Authorize attribute, or by checking permissions inside the controller method.

There is an example of such code at this question, which illustrates how to return an image file. Just return your pdf instead of the image file, and use application/pdf as the MIME type.

like image 200
Robert Harvey Avatar answered Sep 30 '22 10:09

Robert Harvey


If you want to restrict all access to the /files directory you could simply use a location element in your web.config to restrict access.

E.g.

<location path="~/files">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>

I should add that I agree with Robert and Rob for advanced security, but if you just want a simple solution this should do the trick. :-)

HTHs,
Charles

like image 41
Charlino Avatar answered Sep 30 '22 09:09

Charlino