tags:

views:

56

answers:

1
+1  Q: 

Expose url to webservice

In our project we want to query a document management system for a specific document or movie. The dms returns a URL with the document location (for example: http://mydomain.myserver1.share/mypdf.pdf or http://mydomain.myserver2.share/mymovie.avi).

We want to expose the document to internet users and intranet users. The requested file can be large (large video files).

Our architecture is like:

request goes like: webapp1 -> webapp2 -> webapp3 -> dms

response goes like: dms -> webapp3 -> webapp2 -> webapp1

webapp1 could be on the internet.

I have have been thinking how we can obfuscate the real url from the dms, due to security issues. I have seen implementations from other webapps where the pdf URL was obfusicated by creating a temp file for the requested document that is specific for the session and user. So other users cannot easily guess the documentname of other users.

My question: is there a pattern that deals with exposing company/user vulernable data to the public ?

Our development is in C# 3.5.

+2  A: 

The easiest way to handle it is to create a ashx file (or some other way of creating a URL) and have it serve the pdf. Since WCF supports REST you could always do it through that too. Just load the pdf into memory and push the byte contents into the response stream.

Alternatively, you might want to look into these:

http://www.microsoft.com/forefront/edgesecurity/isaserver/en/us/

http://www.isapirewrite.com/

Kevin  2010-04-12 13:45:33
This is not what we want. Pushing the data into memory is a huge load on memory per server, because there are many, many requests in a second and the data must be travelled over many webapps before it is consumed. We want to look for a way how we can safely expose a URL to a caller so no other callers can grab that same data by URL guessing
Patrick Peters  2010-04-12 14:00:05
To serve the pdf, the server is going to have to load it into memory one way or another. It has to push it out to the client. Whether you load into memory, or let IIS do it for you, it has to happen.
Kevin  2010-04-12 14:27:09
The dms can also expose its internal file location by a url. But we do not want to expose that "internal" location to the public. The WCF service has to make a copy or load the file as byte array... But after that the file must be published again as a new URL location that must be only available by the session that requested it.
Patrick Peters  2010-04-13 07:12:42

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?