Created
September 11, 2015 12:10
using System; | |
using System.Web; | |
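namespace SecureTransfer
{
    /// <summary>
    /// HTTP module that serves a file only when the request carries a valid,
    /// unexpired token in its query string: <c>RT</c> (issue time as a Unix
    /// timestamp) and <c>RH</c> (hash over the timestamp, the file name and a
    /// shared secret). Every other request is answered with 403.
    /// </summary>
    /// <remarks>
    /// Review notes on the scheme itself (not changed here, because the code that
    /// generates the links must change in step):
    /// <list type="bullet">
    /// <item>Only the last path segment is hashed, so a token issued for a file
    /// name is accepted for the same file name in any directory.</item>
    /// <item>A token can be reused by anyone who obtains the URL until the
    /// one-hour window closes.</item>
    /// <item><c>HashString.CalculateHash</c> is defined elsewhere; if it is a
    /// plain digest, an HMAC keyed with the secret is the standard construction
    /// for this kind of token - confirm.</item>
    /// </list>
    /// </remarks>
    public class SecureTransferModule : IHttpModule
    {
        // SECURITY: the signing secret is compiled into the assembly and committed
        // with the source, so anyone who can read either can mint valid tokens.
        // Load it from protected configuration instead, and treat any value that
        // has been published as compromised and rotate it.
        private const string DONT_LET_ROL_KNOW_THIS_SECRET = "flibbledeeflobbledeedoo";

        /// <summary>Releases module resources; this module holds none.</summary>
        public void Dispose()
        {
        }

        /// <summary>Hooks token validation in after ASP.NET authorization has run.</summary>
        /// <param name="context">The application instance this module is attached to.</param>
        public void Init(HttpApplication context)
        {
            context.PostAuthorizeRequest += RequestAuthTG;
        }

        /// <summary>
        /// Validates the <c>RT</c>/<c>RH</c> query-string token and either transmits
        /// the requested file or ends the response with 403.
        /// </summary>
        private void RequestAuthTG(object sender, EventArgs e)
        {
            // The application instance is owned by the ASP.NET runtime, so it must
            // not be disposed here (the original wrapped it in a using block).
            // A direct cast keeps the handler failing closed on an unexpected sender.
            HttpApplication app = (HttpApplication)sender;
            HttpRequest request = app.Context.Request;
            HttpResponse response = app.Context.Response;

            string qsTime = request.QueryString["RT"];
            string qsHash = request.QueryString["RH"];

            long unixTime;
            if (!long.TryParse(qsTime, out unixTime))
            {
                Deny(response);
                return;
            }

            // ToDateTime() is an extension method defined elsewhere; presumably it
            // converts Unix time to a UTC DateTime - confirm, including how it
            // behaves for out-of-range values.
            DateTime reqTime = unixTime.ToDateTime();
            DateTime now = DateTime.UtcNow;

            // Reject tokens dated in the future and tokens older than one hour.
            if (now < reqTime || reqTime.AddHours(1) < now)
            {
                Deny(response);
                return;
            }

            string physicalPath = request.PhysicalPath;
            int lastSeparator = physicalPath.LastIndexOf('\\');
            if (lastSeparator < 0)
            {
                // No separator: Substring(-1) would throw; refuse the request instead.
                Deny(response);
                return;
            }

            // The leading backslash stays part of the hashed name, as issued links expect.
            string filename = physicalPath.Substring(lastSeparator);
            string expectedHash = HashString.CalculateHash($"{qsTime}{filename}{DONT_LET_ROL_KNOW_THIS_SECRET}{qsTime}");

            // Compare without an early exit so response timing does not reveal how
            // many leading characters of a guessed hash were correct.
            if (!FixedTimeEquals(qsHash, expectedHash))
            {
                Deny(response);
                return;
            }

            response.TransmitFile(physicalPath);
            response.End();
        }

        /// <summary>Ends the response with HTTP 403 Forbidden.</summary>
        private static void Deny(HttpResponse response)
        {
            response.StatusCode = 403;
            response.End();
        }

        /// <summary>
        /// Ordinal, case-sensitive string equality that always inspects every
        /// character once the lengths match. A null on either side is a mismatch.
        /// </summary>
        private static bool FixedTimeEquals(string supplied, string expected)
        {
            // The hash length is fixed by the algorithm, so a length mismatch
            // discloses nothing secret.
            if (supplied == null || expected == null || supplied.Length != expected.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                difference |= supplied[i] ^ expected[i];
            }

            return difference == 0;
        }
    }
}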