How do I go about securing files that are stored on the server? We have an ASP.NET app which generates PDFs. These are not stored in the wwwroot folder but in another folder, i.e. C:\inetpub\data. This provides more security but maybe not enough. The ASP.NET/IIS process will need write access to this folder so it can generate the PDFs there.
Once the PDF is generated, it can be viewed using an ASP.NET form called viewpdf.aspx with the file to be viewed added to the query string like so: viewpdf.aspx?FILE=mynewfile.pdf. This is loaded from a gridview.
The full path to C:\inetpub\data is resolved and loaded in the Page_load event of the viewer page. Now I’m wondering how to secure this. Anybody could just view the file. Not by entering the URL, as it won’t be seen by IIS (it’s not in wwwroot), but they could change the query string in the viewpdf page.
How do I stop anybody hacking this?
First, do not use the name of the file in the query string. Use some other identifier, preferably a non-guessable ID. One example is a base64-encoded GUID.
Second, the viewpdf.aspx file should implement your security model to test whether the user who is accessing the link is authorized to view the file.
Third, you might consider storing the actual file somewhere else. SQL 2008 has a FILESTREAM data type which can push the actual file data to a file system folder and seems to work pretty well.
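The first two points of the answer above, sketched as a code-behind for viewpdf.aspx; this is an added example, not code from the original posts. The `id` parameter name, the `PdfRecord` type, the in-memory `Store` (standing in for a database table) and the sample GUID and user name are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web.UI;

public partial class ViewPdf : Page
{
    private const string DataRoot = @"C:\inetpub\data\";   // folder named in the question

    // Hypothetical record; in a real app this is a row written when the PDF is generated.
    private sealed class PdfRecord { public string FileName; public string Owner; }

    // Constructed sample data standing in for that table.
    private static readonly Dictionary<Guid, PdfRecord> Store = new Dictionary<Guid, PdfRecord>
    {
        { new Guid("3f2504e0-4f89-41d3-9a0c-0305e82c3301"),
          new PdfRecord { FileName = "mynewfile.pdf", Owner = "alice" } }
    };

    protected void Page_Load(object sender, EventArgs e)
    {
        Guid id;
        PdfRecord rec;
        if (!User.Identity.IsAuthenticated) { Deny(401); return; }
        // Unknown id and "not your file" get the same answer, so ids cannot be probed.
        if (!TryDecodeId(Request.QueryString["id"], out id) || !Store.TryGetValue(id, out rec)
            || !string.Equals(rec.Owner, User.Identity.Name, StringComparison.OrdinalIgnoreCase))
        { Deny(404); return; }

        // The file name comes from the server-side record, never from the request;
        // the containment check guards against a bad record escaping the data folder.
        string path = Path.GetFullPath(Path.Combine(DataRoot, rec.FileName));
        if (!path.StartsWith(DataRoot, StringComparison.OrdinalIgnoreCase) || !File.Exists(path))
        { Deny(404); return; }

        Response.ContentType = "application/pdf";
        Response.AddHeader("Content-Disposition", "inline; filename=\"document.pdf\"");
        Response.TransmitFile(path);
    }

    // Accepts a 22-character URL-safe base64 GUID (padding stripped, '-' and '_' alphabet).
    private static bool TryDecodeId(string token, out Guid id)
    {
        id = Guid.Empty;
        if (string.IsNullOrEmpty(token) || token.Length != 22) return false;
        try
        {
            byte[] raw = Convert.FromBase64String(token.Replace('-', '+').Replace('_', '/') + "==");
            if (raw.Length != 16) return false;
            id = new Guid(raw);
            return true;
        }
        catch (FormatException) { return false; }
    }

    private void Deny(int status) { Response.StatusCode = status; Response.SuppressContent = true; }
}
```

The opaque ID only removes the file name from the URL; the ownership comparison is the access control, because a link can still be shared or leaked.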