Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Masood Afzal 176 posts 522 karma points
    Sep 05, 2009 @ 18:22
    Masood Afzal
    0

    Protected Media

    Is there any solution available for protecting media files from unauthorized downloading?

    I know Dirk is wokring on a project http://our.umbraco.org/projects/protected-media but is there any solution currently available?

    An alternate approach could be saving media files in database, applying permissions to these files for related user/member groups, and on download checking if user has access to this download!

     

  • Dirk De Grave 4541 posts 6021 karma points MVP 3x admin c-trib
    Sep 05, 2009 @ 19:22
    Dirk De Grave
    0

    Masood,

    Yes, solution is currently available but no installer package yet (as media types cannot be included in a package), and no installation documentation yet... but you may contact me (dirk at netaddicts dot be) and as I have a  demo site available as well as install info.

    Cheers,

    /Dirk

  • Masood Afzal 176 posts 522 karma points
    Sep 05, 2009 @ 20:12
    Masood Afzal
    0

    Thanks Dirk,

    Can you please send to me at GreatLogics at yahoo dot com

    TA

    Masood

  • Tom Madden 253 posts 455 karma points MVP 4x c-trib
    Sep 06, 2009 @ 22:12
    Tom Madden
    0

    Masood,

    I've not looked at Dirk's solution, and it may work in the same way, but an option is not to link to the image file directly, but to link to a download page and pass the ID of the image in the querystring, assuming it's in the media section. The download page woudl check the users authentication and authorisation settings and then pass the file on, or not, as appropriate.

    I've done this, as a proof of concept, to stop the browser from displaying images that have been linked to and instead to prompt the user to save the image, by changing the http headers, to protect the image from unaithorised download, and also log which images are downloaded and by whom.

    You can find a thread about this at stackoverflow that's also referenced from another topic here about downloading images

    http://stackoverflow.com/questions/336345/c-asp-net-3-5-content-disposition-file-download-problems

    The original topic about downloading PDFs

    http://our.umbraco.org/forum/developers/xslt/2900-File-download-dailog-when-pdfdoc-links-are-clicked-

    HTH

    Tom

  • Masood Afzal 176 posts 522 karma points
    Sep 07, 2009 @ 23:17
    Masood Afzal
    0

    Thanks Tom sounds like a good idea!

  • Dirk De Grave 4541 posts 6021 karma points MVP 3x admin c-trib
    Sep 08, 2009 @ 08:58
    Dirk De Grave
    0

    Masood, I've sent a mail with binaries and install instructions and link to demo site.

     

    Cheers,

    /Dirk

  • Mikael Mørup 297 posts 326 karma points
    Sep 08, 2009 @ 10:44
    Mikael Mørup
    1

     

    Quixltd !

    As far as i can see with your suggestion, the media files are still in the Media folder and therefore not protected from direct download.

    You can get to a file if you know it's URL like:  http://www.name.com/media/2399/filename.jpg

    Someone with acces to the file cane give someone without acces this URL, and they can get to the file without going through the download page.

    This might or might not be a problem depending on the security needed for your solution.

    Dirks solution solves that problem !!

    Mikael

  • Tom Madden 253 posts 455 karma points MVP 4x c-trib
    Sep 08, 2009 @ 21:52
    Tom Madden
    0

    Mikael,

    you are right about the image being able to be downloaded directly, but only if the following conditions are met:

    1. The user has to know the name of the file he wants to donwload and this isn't shown unless it's already downloaded
    2. He has a note of the ID of the item
    3. He knows that the site is running Umbraco and how to reconstruct the URL to the image

    The name of the file isn't shown unless you successfully download it in which case you have already logged in and have access to the file. The path to the image is never shown, but it does have the weakness that it's security by obfuscation, which obviously isn't suitable for every case, but quick and easy to setup where the maximum security isn't required, otherwise I would keep the items in a directory outside the root of the website itself.

    Cheers

    Tom

  • Niels Hartvig 1951 posts 2391 karma points c-trib
    Sep 08, 2009 @ 22:03
    Niels Hartvig
    0

    Finally you can just let IIS stop serving files from the /media folders if you're streaming it via a proxy page. That way the anonymous user won't have read access to /media but the application pool user will (ie. asp.net reading and streaming the file).

  • Richard Soeteman 4046 posts 12899 karma points MVP 2x
    Mar 25, 2011 @ 10:21
    Richard Soeteman
    0

    Just a post for everyone who is interested.

    I've just released a media protect package, which allows you to protect media in the same simple way as you protect content in Umbraco. No additional configuration needed. Just install the package and it works.

    Check out the projects page for more info and a fully functional trial download.

    Cheers,

    Richard

  • Swathi 7 posts 27 karma points
    Mar 04, 2014 @ 12:18
    Swathi
    0

    hi

    I have installed the trail version  media protect in my local umbraco set up. it is working fine to me. But in other site i have installed media protect and also added the .lic file. when i gave public access to media file , i have given login page , but it is not working to me. It is showing file instead of showing login page. can please help me why it is not applied.

  • Richard Soeteman 4046 posts 12899 karma points MVP 2x
    Mar 04, 2014 @ 12:54
    Richard Soeteman
    0

    Hi,

    Make sure the site is running in integrated mode and the HTTPModule is configured in the web.config. Check the trouble shooting are of the user manual. Then all should be fine.

    Best,

    Richard

  • Swathi 7 posts 27 karma points
    Mar 04, 2014 @ 13:31
    Swathi
    0

    Hi,

    I have checked everything but still it is not applied. while install i haven't got the default member group and types. this is there any problem with installation

  • Richard Soeteman 4046 posts 12899 karma points MVP 2x
    Mar 04, 2014 @ 13:32
    Richard Soeteman
    0

    What version of IIS are you running?

  • Swathi 7 posts 27 karma points
    Mar 04, 2014 @ 13:37
    Swathi
    0

    IIS 7 version

  • Richard Soeteman 4046 posts 12899 karma points MVP 2x
    Mar 04, 2014 @ 13:45
    Richard Soeteman
    0

    Can you check the response of the following url on that box, should say "true" in any other case the HTTPModule is not configured correctly

    /umbraco/plugins/mediaprotect/mediaprotect.txt

  • Swathi 7 posts 27 karma points
    Mar 04, 2014 @ 13:55
    Swathi
    0

    the textfile contains the data as "This is a markerfile don't delete". should I need to change the text

  • Richard Soeteman 4046 posts 12899 karma points MVP 2x
    Mar 04, 2014 @ 14:01
    Richard Soeteman
    0

    No this indicates that your HTTPModule is not running.

    My assumption is that you are running IIS7 in classic mode, or that the HTTPModule is not configured.

    double check chapter 6 and 7

    http://soetemansoftware.nl/media/9542/mediaprotect-manual.pdf

    Best,

    Richard

  • Swathi 7 posts 27 karma points
    Mar 04, 2014 @ 14:32
    Swathi
    0

    My Http module is missing this lines

    add name="MediaProtectModule" type="MediaProtect.HttpModules.MediaProtectModule, MediaProtect" />

    should I place this and my umbraco application pool is not in classic it has just the application name.

    please suggest me.

  • Swathi 7 posts 27 karma points
    Mar 04, 2014 @ 14:59
    Swathi
    0

    I have change the httpmodule and also the Media.config file but still showing the file it is not protected. please suggest

  • Richard Soeteman 4046 posts 12899 karma points MVP 2x
    Mar 04, 2014 @ 16:42
    Richard Soeteman
    0

    Changing the media.config file doesn't change it. Can you send the web.config file to [email protected]? Then I will have a look.

    Thanks,

    Richard

  • Richard Soeteman 4046 posts 12899 karma points MVP 2x
    Mar 05, 2014 @ 08:28
    Richard Soeteman
    0

    Turned out the module was configured in the wrong section.

Please Sign in or register to post replies

Write your reply to:

Draft