x First time here? Check out the FAQ
  • Avatar176posts520karma

    Protected Media

    Masood Afzal started this topic September 5, 2009 @ 06:22

    Is there any solution available for protecting media files from unauthorized downloading?

    I know Dirk is wokring on a project http://our.umbraco.org/projects/protected-media but is there any solution currently available?

    An alternate approach could be saving media files in database, applying permissions to these files for related user/member groups, and on download checking if user has access to this download!

     


  • Avatar4386posts5187karma
    adminComment with ID: 14097
    Dirk De Grave posted this reply September 5, 2009 @ 07:22

    Masood,

    Yes, solution is currently available but no installer package yet (as media types cannot be included in a package), and no installation documentation yet... but you may contact me (dirk at netaddicts dot be) and as I have a  demo site available as well as install info.

    Cheers,

    /Dirk


  • Avatar176posts520karma
    Comment with ID: 14099
    Masood Afzal posted this reply September 5, 2009 @ 08:12

    Thanks Dirk,

    Can you please send to me at GreatLogics at yahoo dot com

    TA

    Masood


  • Avatar151posts163karma
    Comment with ID: 14130
    Tom Madden posted this reply September 6, 2009 @ 10:12

    Masood,

    I've not looked at Dirk's solution, and it may work in the same way, but an option is not to link to the image file directly, but to link to a download page and pass the ID of the image in the querystring, assuming it's in the media section. The download page woudl check the users authentication and authorisation settings and then pass the file on, or not, as appropriate.

    I've done this, as a proof of concept, to stop the browser from displaying images that have been linked to and instead to prompt the user to save the image, by changing the http headers, to protect the image from unaithorised download, and also log which images are downloaded and by whom.

    You can find a thread about this at stackoverflow that's also referenced from another topic here about downloading images

    http://stackoverflow.com/questions/336345/c-asp-net-3-5-content-disposition-file-download-problems

    The original topic about downloading PDFs

    http://our.umbraco.org/forum/developers/xslt/2900-File-download-dailog-when-pdfdoc-links-are-clicked-

    HTH

    Tom


  • Avatar176posts520karma
    Comment with ID: 14229
    Masood Afzal posted this reply September 7, 2009 @ 11:17

    Thanks Tom sounds like a good idea!


  • Avatar4386posts5187karma
    adminComment with ID: 14237
    Dirk De Grave posted this reply September 8, 2009 @ 08:58

    Masood, I've sent a mail with binaries and install instructions and link to demo site.

     

    Cheers,

    /Dirk


  • Avatar297posts326karma
    Comment with ID: 14249
    Mikael Mørup posted this reply September 8, 2009 @ 10:44

     

    Quixltd !

    As far as i can see with your suggestion, the media files are still in the Media folder and therefore not protected from direct download.

    You can get to a file if you know it's URL like:  http://www.name.com/media/2399/filename.jpg

    Someone with acces to the file cane give someone without acces this URL, and they can get to the file without going through the download page.

    This might or might not be a problem depending on the security needed for your solution.

    Dirks solution solves that problem !!

    Mikael


  • Avatar151posts163karma
    Comment with ID: 14301
    Tom Madden posted this reply September 8, 2009 @ 09:52

    Mikael,

    you are right about the image being able to be downloaded directly, but only if the following conditions are met:

    1. The user has to know the name of the file he wants to donwload and this isn't shown unless it's already downloaded
    2. He has a note of the ID of the item
    3. He knows that the site is running Umbraco and how to reconstruct the URL to the image

    The name of the file isn't shown unless you successfully download it in which case you have already logged in and have access to the file. The path to the image is never shown, but it does have the weakness that it's security by obfuscation, which obviously isn't suitable for every case, but quick and easy to setup where the maximum security isn't required, otherwise I would keep the items in a directory outside the root of the website itself.

    Cheers

    Tom


  • Niels Hartvig posted this reply September 8, 2009 @ 10:03

    Finally you can just let IIS stop serving files from the /media folders if you're streaming it via a proxy page. That way the anonymous user won't have read access to /media but the application pool user will (ie. asp.net reading and streaming the file).


  • Avatar2561posts6427karma
    Comment with ID: 71088
    Richard Soeteman posted this reply March 25, 2011 @ 10:21

    Just a post for everyone who is interested.

    I've just released a media protect package, which allows you to protect media in the same simple way as you protect content in Umbraco. No additional configuration needed. Just install the package and it works.

    Check out the projects page for more info and a fully functional trial download.

    Cheers,

    Richard


  • Swathi posted this reply March 4, 2014 @ 12:18

    hi

    I have installed the trail version  media protect in my local umbraco set up. it is working fine to me. But in other site i have installed media protect and also added the .lic file. when i gave public access to media file , i have given login page , but it is not working to me. It is showing file instead of showing login page. can please help me why it is not applied.


Pages:

Please login or Sign up To post replies