We have a C# ASP.NET web application that, among other things, allows users to download previously downloaded files, such as PDF documents, Word documents, etc. The ASP.NET application is served through an IIS6 server and real-time file resources on another server.
When a user requests a file (i.e. clicks a button in a web form), we transfer the file back to our browser, changing the ContentType accordingly.
This seemed like a good way to avoid navigating the IIS virtual folder path to serve file resources, which was because users could crack the URL, i.e. with a URL like https://mydomain/myresource/clientid/myreport.docx, an experienced user can have a good shot at guessing alternative clientid names and documents.
The problem with the flow of a Word document in the browser is that when the browser throws it in Word, Word treats it as a completely new document, which means that the original document properties and stock information are lost.
Our users store metadata information in the properties of a Word document, so this solution is not acceptable to them.
Working with IIS virtual folders solves this problem, but presents a URL security problem.
So my questions are ...
Does anyone know how we can use URL encryption / decryption (or obfuscation) using IIS virtual folders?
Or does anyone know of any open source projects that do similar work?
Or does anyone have any recommendations on how to write their own implementation of virtual folders, but with encrypted URLs?
Thank you very much in advance.
P.S. Our web application is delivered via HTTPS.
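
One way to make such download URLs unguessable and tamper-evident, as an added example that is not part of the original post: it signs the link with an HMAC (rather than encrypting it) and binds it to the logged-in user and an expiry time. The class name, token layout and demo key are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class SignedDownloadLink   // hypothetical helper, not an IIS or ASP.NET API
{
    // Assumption: in production the key comes from protected server configuration.
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");

    // Binds client id, file name, the logged-in user and an expiry into one MAC'd token.
    public static string Issue(string clientId, string fileName, string user, DateTime expiresUtc)
    {
        foreach (string s in new[] { clientId, fileName, user })
            if (s.IndexOf('|') >= 0) throw new ArgumentException("'|' is the field separator");
        string payload = clientId + "|" + fileName + "|" + user + "|" + expiresUtc.Ticks;
        return Encode(Encoding.UTF8.GetBytes(payload)) + "." + Encode(Mac(payload));
    }

    // Yields the file to serve only if the MAC is valid, the link is unexpired
    // and it was issued to the user making this request.
    public static bool TryVerify(string token, string currentUser, DateTime nowUtc, out string clientId, out string fileName)
    {
        clientId = null; fileName = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        string payload; byte[] mac; long ticks;
        try { payload = Encoding.UTF8.GetString(Decode(parts[0])); mac = Decode(parts[1]); }
        catch (FormatException) { return false; }
        if (!SameBytes(mac, Mac(payload))) return false;   // altered or guessed token
        string[] f = payload.Split('|');
        if (f.Length != 4 || !long.TryParse(f[3], out ticks)) return false;
        if (nowUtc.Ticks > ticks || f[2] != currentUser) return false;
        clientId = f[0]; fileName = f[1];
        return true;
    }

    private static byte[] Mac(string p) { using (var h = new HMACSHA256(Key)) return h.ComputeHash(Encoding.UTF8.GetBytes(p)); }
    private static string Encode(byte[] b)   // URL-safe Base64 without padding
    { return Convert.ToBase64String(b).Replace('+', '-').Replace('/', '_').TrimEnd('='); }
    private static byte[] Decode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    private static bool SameBytes(byte[] a, byte[] b)   // constant-time comparison
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The token only proves the link was issued by the server; the handler that receives it should still check that the current user is authorized for the returned client id and file before serving anything.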