tags:

views:

58

answers:

2
Q: 

Best way to perform authentication on every request

Hello.

In my asp.net mvc 2 app, I'm wondering about the best way to implement this:

  • For every incoming request I need to perform custom authorization before allowing the file to be served. (This is based on headers and contents of the querystring. If you're familiar with how Amazon S3 does rest authentication - exactly that).

I'd like to do this in the most perfomant way possible, which probably means as light a touch as possible, with IIS doing as much of the actual work as possible.

The service will need to handle GET requests, as well as writing new files coming in via POST/PUT requests.

The requests are for an abitrary file, so it could be:

GET http://storage.foo.com/bla/egg/foo18/something.bin

POST http://storage.foo.com/else.txt

Right now I've half implemented it using an IHttpHandler which handles all routes (with routes.RouteExistingFiles = true), but not sure if that's the best, or if I should be hooking into the lifecycle somewhere else?

I'm also interested in supporting partial downloads with the Range header. Using

response.TransmitFile(finalPath);

as I am now means I'll have to do that manually, which seems a bit lowlevel?

Many thanks for any pointers.

(IIS7)

A: 

I think having a custom handler in the middle that takes care of this is exactly how you should be doing it.

Matti Virkkunen  2010-05-31 12:25:46
A: 

TransmitFile is the lightest-weight programmatic way to serve a file that I am aware of.

However, you might not need to write your own HttpHandler. You can use the MVC handler and just dedicate a controller action to the job. Something like:

http://storage.foo.com/Files/Download/SomeFileIdentifier

...routing to...

public FilesController
{
   public ActionResult Download(string id)
   {
      //...some logic to authenticate and to get the local file path

      return File(theLocalFilePath, mimeType);
   }
}

The File() method of controller uses TransmitFile in the background, I believe.

(PS, If you want shorter URLs, do it via custom routes in global.asax.)

Matt Sherman  2010-05-31 21:01:27

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps