How to secure access to SWF file using ASP.NET?

Question

We have a swf file that we want to secure and make available only to authorized users.

I embedded the file in an aspx page and that works fine, since ASP.NET handles

Answer 1

Aristos,

You were right. Last afternoon just before I went home I tried creating a custom HTTP handler. And it worked nice. :-) Thanks for answering +1

public class CustomFlashHandler : IHttpHandler
{

public void ProcessRequest(HttpContext context)
{
  if (!context.User.Identity.IsAuthenticated)
  {
    context.Response.Redirect("Default.aspx?ReturnUrl=%2felVideo.aspx");
    context.Response.StatusCode = 401;
    return;
  }

  var url = context.Request.CurrentExecutionFilePath;

  if (string.IsNullOrEmpty(url)) return;

  HttpContext.Current.Response.ClearContent();
  HttpContext.Current.Response.ClearHeaders();
  HttpContext.Current.Response.AddHeader("Content-Disposition", string.Format("filename={0}", url));
  HttpContext.Current.Response.AddHeader("Content-Type", "application/x-shockwave-flash");
  HttpContext.Current.Response.WriteFile(url);
  HttpContext.Current.Response.End();
}

public bool IsReusable
{
  get { return false; }
}

}

Like Aristos said, you have to map ASP.NET to handle .swf files in IIS.

alt text http://www.freeimagehosting.net/uploads/30424ac60a.png

Then add the custom mapping in the application's web.config

<httpHandlers>
  <add verb="*" path="*.swf" type="XXXXX.Web.XXXXX.CustomFlashHandler" validate="false" />
</httpHandlers>

1: href=http://www.freeimagehosting.net/>http://www.freeimagehosting.net/uploads/30424ac60a.png

1: a href=http://www.freeimagehosting.net/>http://www.freeimagehosting.net/uploads/30424ac60a.png border=0 alt="Free Image Hosting">

Answer 2

I think that the most easy and fast solution is to Map this extention (.swf) to handle by asp.net.

I do not know if its works, because I do not have done that, but you can give it a try.

One other way is to place this files, somewhere hidden, or with complex name, and use an .ashx file to just read and send them. In the .ashx file you need to set the correct Response.ContentType for the flash, and just read and send the correct file.