Masood,

Yes, solution is currently available but no installer package yet (as media types cannot be included in a package), and no installation documentation yet... but you may contact me (dirk at netaddicts dot be) and as I have a  demo site available as well as install info.

Cheers,

/Dirk

Thanks Dirk,

Can you please send to me at GreatLogics at yahoo dot com

TA

Masood

Masood,

I've not looked at Dirk's solution, and it may work in the same way, but an option is not to link to the image file directly, but to link to a download page and pass the ID of the image in the querystring, assuming it's in the media section. The download page woudl check the users authentication and authorisation settings and then pass the file on, or not, as appropriate.

I've done this, as a proof of concept, to stop the browser from displaying images that have been linked to and instead to prompt the user to save the image, by changing the http headers, to protect the image from unaithorised download, and also log which images are downloaded and by whom.

You can find a thread about this at stackoverflow that's also referenced from another topic here about downloading images

http://stackoverflow.com/questions/336345/c-asp-net-3-5-content-disposition-file-download-problems

The original topic about downloading PDFs

http://our.umbraco.org/forum/developers/xslt/2900-File-download-dailog-when-pdfdoc-links-are-clicked-

HTH

Tom

Thanks Tom sounds like a good idea!

Masood, I've sent a mail with binaries and install instructions and link to demo site.

Cheers,

/Dirk

Quixltd !

As far as i can see with your suggestion, the media files are still in the Media folder and therefore not protected from direct download.

You can get to a file if you know it's URL like:  http://www.name.com/media/2399/filename.jpg

Someone with acces to the file cane give someone without acces this URL, and they can get to the file without going through the download page.

This might or might not be a problem depending on the security needed for your solution.

Dirks solution solves that problem !!

Mikael

Mikael,

you are right about the image being able to be downloaded directly, but only if the following conditions are met:

1. The user has to know the name of the file he wants to donwload and this isn't shown unless it's already downloaded
2. He has a note of the ID of the item
3. He knows that the site is running Umbraco and how to reconstruct the URL to the image

The name of the file isn't shown unless you successfully download it in which case you have already logged in and have access to the file. The path to the image is never shown, but it does have the weakness that it's security by obfuscation, which obviously isn't suitable for every case, but quick and easy to setup where the maximum security isn't required, otherwise I would keep the items in a directory outside the root of the website itself.

Cheers

Tom

Finally you can just let IIS stop serving files from the /media folders if you're streaming it via a proxy page. That way the anonymous user won't have read access to /media but the application pool user will (ie. asp.net reading and streaming the file).

Just a post for everyone who is interested.

I've just released a media protect package, which allows you to protect media in the same simple way as you protect content in Umbraco. No additional configuration needed. Just install the package and it works.

Check out the projects page for more info and a fully functional trial download.

Cheers,

Richard

hi

I have installed the trail version  media protect in my local umbraco set up. it is working fine to me. But in other site i have installed media protect and also added the .lic file. when i gave public access to media file , i have given login page , but it is not working to me. It is showing file instead of showing login page. can please help me why it is not applied.

Hi,

Make sure the site is running in integrated mode and the HTTPModule is configured in the web.config. Check the trouble shooting are of the user manual. Then all should be fine.

Best,

Richard

Hi,

I have checked everything but still it is not applied. while install i haven't got the default member group and types. this is there any problem with installation

What version of IIS are you running?

IIS 7 version

Can you check the response of the following url on that box, should say "true" in any other case the HTTPModule is not configured correctly

/umbraco/plugins/mediaprotect/mediaprotect.txt

the textfile contains the data as "This is a markerfile don't delete". should I need to change the text

No this indicates that your HTTPModule is not running.

My assumption is that you are running IIS7 in classic mode, or that the HTTPModule is not configured.

double check chapter 6 and 7

http://soetemansoftware.nl/media/9542/mediaprotect-manual.pdf

Best,

Richard

My Http module is missing this lines

add name="MediaProtectModule" type="MediaProtect.HttpModules.MediaProtectModule, MediaProtect" />

should I place this and my umbraco application pool is not in classic it has just the application name.

please suggest me.

I have change the httpmodule and also the Media.config file but still showing the file it is not protected. please suggest

Changing the media.config file doesn't change it. Can you send the web.config file to [email protected]? Then I will have a look.

Thanks,

Richard

Turned out the module was configured in the wrong section.

is working on a reply...