Skip to content

Instantly share code, notes, and snippets.

@hounsell
Created September 11, 2015 12:10
Show Gist options
  • Save hounsell/d7c6114326ad0defe93e to your computer and use it in GitHub Desktop.
Save hounsell/d7c6114326ad0defe93e to your computer and use it in GitHub Desktop.
using System;
using System.Web;
namespace SecureTransfer
{
public class SecureTransferModule : IHttpModule
{
private const string DONT_LET_ROL_KNOW_THIS_SECRET = "flibbledeeflobbledeedoo";
public void Dispose()
{
//clean-up code here.
}
public void Init(HttpApplication context)
{
// Below is an example of how you can handle LogRequest event and provide
// custom logging implementation for it
context.PostAuthorizeRequest += RequestAuthTG;
}
private void RequestAuthTG(object sender, EventArgs e)
{
using (HttpApplication app = sender as HttpApplication)
{
HttpRequest request = app.Context.Request;
HttpResponse response = app.Context.Response;
string qsTime = request.QueryString["RT"];
string qsHash = request.QueryString["RH"];
long unixTime = 0;
if (!long.TryParse(qsTime, out unixTime))
{
response.StatusCode = 403;
response.End();
return;
}
DateTime reqTime = unixTime.ToDateTime();
if (DateTime.UtcNow < reqTime || reqTime.AddHours(1) < DateTime.UtcNow)
{
response.StatusCode = 403;
response.End();
return;
}
string filename = request.PhysicalPath.Substring(request.PhysicalPath.LastIndexOf('\\'));
string expectedHash = HashString.CalculateHash($"{qsTime}{filename}{DONT_LET_ROL_KNOW_THIS_SECRET}{qsTime}");
if (qsHash != expectedHash)
{
response.StatusCode = 403;
response.End();
return;
}
response.TransmitFile(request.PhysicalPath);
response.End();
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment