Need as solution for hot linking of files on IIS.
Application is on VB.NET
WEB Server : IIS
URL Rewrite : 2.1
We have a WEB Application where we allow Logged in users to upload Documents (PDF, JPG, DOCS, XLS etc…)
These uploaded files are stored in a separate directories (DownLoad2017, DownLoad2018 and DownLoad2019) and browsing on that directory is disabled.
But if someone gets a full link to a filename inside these Download directories (through href ..) , it will open.
Need a solution ASAP, to Protect these files (Best possible IIS Configuration and VB.NET solution).
Currently I have written the following script, within the SecureLink.aspx , I am checking for a Session Variable and if that is empty I am directing to Login.aspx page. This works fine.
But for Authenticated users , I wanted to show the file. (Rule runs indefinetely as I am doing a "response.redirect(HttpLink)" )
How do I make a passthrough for Authenticated users ?
<rewrite>
<rules>
<rule name="StopHotLinking" stopProcessing="true">
<match url="DownLoad2017|DownLoad2018|DownLoad2019" />
<action type="Redirect" url="SecureLink.aspx?HttpLink={HTTP_HOST}/{R:0}" redirectType="Found" />
</rule>
</rules>
</rewrite>
Appreciate any proven solution, scripts or best practices
Thanks in Advance
Rajeev