
@hounsell
Created September 11, 2015 12:10
using System;
using System.Web;
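namespace SecureTransfer
{
    /// <summary>
    /// ASP.NET HTTP module that only serves a file when the request carries a valid,
    /// unexpired signed token in its query string.
    /// </summary>
    /// <remarks>
    /// The token consists of <c>RT</c> (issue time as a Unix timestamp) and <c>RH</c>
    /// (a hash over the timestamp, the file name and a shared secret). Every request that
    /// reaches <see cref="HttpApplication.PostAuthorizeRequest"/> is either answered with
    /// 403 or with the contents of the request's physical path.
    ///
    /// NOTE(review): only the final path segment is signed, so a token issued for one file
    /// also validates for a file of the same name in any other directory this module serves.
    /// Signing the full virtual path would close that gap, but requires the link issuer to
    /// change in lockstep.
    /// </remarks>
    public class SecureTransferModule : IHttpModule
    {
        // SECURITY: this shared secret is compiled into the assembly and visible to anyone
        // who can read the source or the binary. It should be loaded from protected
        // configuration and rotated, since this value has been published.
        private const string DONT_LET_ROL_KNOW_THIS_SECRET = "flibbledeeflobbledeedoo";

        private const int ForbiddenStatusCode = 403;
        private const double TokenLifetimeHours = 1;

        /// <summary>Releases module resources; this module holds none.</summary>
        public void Dispose()
        {
        }

        /// <summary>Subscribes the token check to the application's PostAuthorizeRequest event.</summary>
        /// <param name="context">The application instance the module is attached to.</param>
        public void Init(HttpApplication context)
        {
            context.PostAuthorizeRequest += RequestAuthTG;
        }

        /// <summary>
        /// Validates the <c>RT</c>/<c>RH</c> query-string token and either transmits the
        /// requested file or ends the response with 403.
        /// </summary>
        private void RequestAuthTG(object sender, EventArgs e)
        {
            // The application instance is owned (and reused) by the ASP.NET runtime, so it
            // must not be disposed here. A direct cast keeps the check fail-closed: an
            // unexpected sender raises instead of letting the request through unchecked.
            HttpApplication app = (HttpApplication)sender;
            HttpRequest request = app.Context.Request;
            HttpResponse response = app.Context.Response;

            string qsTime = request.QueryString["RT"];
            string qsHash = request.QueryString["RH"];

            long unixTime;
            if (!long.TryParse(qsTime, out unixTime))
            {
                Deny(response);
                return;
            }

            // ToDateTime is an extension defined outside this file; presumably it converts a
            // Unix timestamp to a UTC DateTime - confirm, including how it handles values
            // that are out of DateTime's range.
            DateTime reqTime = unixTime.ToDateTime();
            DateTime now = DateTime.UtcNow;

            // Reject tokens dated in the future as well as tokens older than the lifetime.
            if (now < reqTime || reqTime.AddHours(TokenLifetimeHours) < now)
            {
                Deny(response);
                return;
            }

            // The signed name keeps its leading backslash, which is what the issuer is
            // expected to have hashed. Fall back to the whole path if no separator exists
            // rather than throwing from Substring(-1).
            string physicalPath = request.PhysicalPath;
            int separator = physicalPath.LastIndexOf('\\');
            string filename = separator >= 0 ? physicalPath.Substring(separator) : physicalPath;

            // HashString.CalculateHash is defined outside this file, so the algorithm is not
            // visible here. NOTE(review): a secret concatenated into a plain digest is not a
            // keyed MAC; if the helper is a bare hash, prefer an HMAC keyed with the secret.
            string expectedHash = HashString.CalculateHash($"{qsTime}{filename}{DONT_LET_ROL_KNOW_THIS_SECRET}{qsTime}");

            if (!FixedTimeEquals(qsHash, expectedHash))
            {
                Deny(response);
                return;
            }

            response.TransmitFile(physicalPath);
            response.End();
        }

        /// <summary>Ends the response with HTTP 403.</summary>
        private static void Deny(HttpResponse response)
        {
            response.StatusCode = ForbiddenStatusCode;
            response.End();
        }

        /// <summary>
        /// Compares two strings without returning early at the first differing character,
        /// so response timing does not reveal how much of a supplied hash was correct.
        /// A null on either side never matches.
        /// </summary>
        [System.Runtime.CompilerServices.MethodImpl(
            System.Runtime.CompilerServices.MethodImplOptions.NoInlining |
            System.Runtime.CompilerServices.MethodImplOptions.NoOptimization)]
        private static bool FixedTimeEquals(string supplied, string expected)
        {
            if (supplied == null || expected == null)
            {
                return false;
            }

            // The length difference is folded into the accumulator; only the (public)
            // length of the hash can be learned from timing.
            int difference = supplied.Length ^ expected.Length;
            int shared = Math.Min(supplied.Length, expected.Length);
            for (int i = 0; i < shared; i++)
            {
                difference |= supplied[i] ^ expected[i];
            }

            return difference == 0;
        }
    }
}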