Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I restrict access to pdf files on my server?

Tags:

pdf

asp.net-mvc

I am using ASP.Net MVC. I have restricted access to the web site using ASP Forms authentication. However, the web pages contain links to pdf files on the server which I also want protected.

For example, the user can browse to foo.com and foo.com/account/logon. Once they logon they can access foo.com/category/bar which presents the view in bar.aspx. On that view is a link to foo.com/files/theta.pdf which loads up in the browser just fine. However, I don’t want foo.com/files/theta.pdf accessible from the browser unless the user has authenticated.

How do I prevent a user from accessing foo.com/files/theta.pdf directly from their browser without first authenticating at foo.com/account/logon?

like image 873
Jeff Rubingh Avatar asked Mar 03 '10 00:03

Jeff Rubingh

People also ask

Can you restrict access to a PDF File?

Open a file in Acrobat and choose “Tools” > “Protect.” Select whether you want to restrict editing with a password or encrypt the file with a certificate or password. Set password or security method as desired. Click “OK” and then click “Save.”

How do you add security settings to a PDF?

From the menu bar select File and choose Document Properties. Use keyboard shortcut (Ctrl + D) to open Document Properties. Within the 'Document Properties' dialog box, select the Security tab and choose the Add Security button. Select the security options you want to enable using the check-boxes and drop-down menus.

How do I turn off PDF permissions?

Open Acrobat, click on File followed by Open and then, open the desired PDF file. Click on Properties & switch to the Security tab. Now, besides the Security Method list, click on the Change Settings button. To remove all permissions from PDF, disable the Restrict editing and printing of the document.

2 Answers

Pass the request through a controller, and return a FileResult. You can apply whatever security you want to the controller method, either by using the Authorize attribute, or by checking permissions inside the controller method.

There is an example of such code at this question, which illustrates how to return an image file. Just return your pdf instead of the image file, and use application/pdf as the MIME type.

like image 200
Robert Harvey Avatar answered Sep 30 '22 10:09

Robert Harvey

If you want to restrict all access to the /files directory you could simply use a location element in your web.config to restrict access.

E.g.

<location path="~/files">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>

I should add that I agree with Robert and Rob for advanced security, but if you just want a simple solution this should do the trick. :-)

HTHs,
Charles

like image 41
Charlino Avatar answered Sep 30 '22 09:09

Charlino
Sign in to Comment

Related questions

GetExternalLoginInfoAsync() loginInfo return null - but only after a few hours
Passing a view model with Server.TransferRequest()
Return RedirectToAction in MVC using async & await
How to set default button in ASP.Net MVC
XSS validation from MVC action from JSON ajax post
DataAnotation to validate a model, how do I validate it so that the date is not in the future?
Facebook Login recommending to require HTTPS - How to Configure HTTP redirect URL for Facebook Login in ASP.NET MVC?
ASP.NET MVC with Angular :- page refresh or reload gives 404 error
Is there a way to turn off logging that Hangfire does with serilog?
C# Efficiently delete 50000 records in batches using SQLBulkCopy or equivalent library
Add() method adding duplicate rows for linked models in Code-First Entity Framework
How do I pass multiple objects to ViewPage in ASP.NET MVC?
Entity Framework + SQLite deployment
Obtain MembershipUser in ASP.NET MVC
How to make ActionFilter on action method take precedence over same ActionFilter on controller
MVC Index page and filter
Authorization and ASP.NET MVC Caching
Is it secure to POST Credit Card data from View to Controller?
ASP.NET-MVC . How to get the controller name from an url?
How do I get textarea for Html.EditorForModel() method in asp.net mvc 2

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!