Secure Upload (SSL) a file in to Amazon S3 in c# - asp.net-mvc

Currently I am working on a MVC application, I want to upload a file(s) to amazon s3 using SSL from c#. (Sometimes i need to upload using SSL and some other times without SSL based on boolean value).
Thanks in Advance..

All S3 endpoints support both HTTP and HTTPS so it shouldn't be a problem to use either one, based on your use case.
You can see the full list of endpoints on:
http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region

Related

Using AWS API Gateway To Pass Requests Through An Application Load Balancer To A Web Application

I want to use API Gateway for its mutual TLS capability and add it to an existing .net fx 4.8 web application hosted in IIS which is fronted by and AWS ALB:-
client browser -> apigw -> alb -> ec2
I have configured the apigw method to return html and to use proxy integration, but I am having issues in a couple of places:-
any request made to a subfolder of the mapped path returns {"message":"Missing Authentication Token"}
images are not being returned (tested by using the iis home page on the root
In the absence of any api auth being configured, I understand that the missing token response could indicate a bad url. I am new to apigw so I may be missing something obvious, but I cannot believe I would have to map every single possible path available in our web app in the apigw config - there are simply too many!
I have read a few articles/messages talking about handling images but these either refer to using s3 as the store or, in the case of the image being the only thing in the response, configuring the apigw to return an image content type. In this case of a .net web app which will return html and images, I have not found any advice.
So my question is (before I spend way too long trying to make this work!), is it possible or even advisable to front a .net fx web app with an aws api gateway?
You need to configure "Catch-all Path Variables" in API Gateway, as described here.

Rackspace cloud files client side uploads

I am using Rackspace cloud files as my CDN. My app is image heavy and right now, all image are being uploaded to my server and from there being uploaded to cloud files.
This I think is redundant and it's waste of my server resources. I think a better solution would be for me to give the client a URL to upload and then client can upload to the URL (bypassing my server completely) and telling the server everythings done.
I am wondering if this is possible using cloud files and how it can be done. I am using Rails on server side btw.
Thanks
You may use the FormPost feature of Rackspace Cloud Files.
FormPost lets you offer your website audience a way to upload objects to your Cloud Files account through a web form.
A CDN Container has four URIs associated with it: iOS Streaming, Streaming, HTTPS and HTTP.
Can't you use the, say, HTTPS URI to allow your clients to upload directly to the Container?

How to upload an image to another server via HTTP post using carrierwave(Ruby On Rails)?

I am trying to upload an image to another server via HTTP post using carrierwave? What I understand so far is, Carrierwave supports some known cloud storage. but, in our application, we have a separate storage system with MongoDB. In order to store any file in that server, we can use HTTP post. Now, I am trying to write a client code to upload image. Is it possible to achieve by using Carrierwave or is there any other gem available?
Thanks in advance.
If you're using CarrierWave and MongoDB, I would use the https://github.com/jnicklas/carrierwave-mongoid gem to connect and store directory in GridFS.
Here's a good post on uploading and retrieving an image via carrier wave and gridfs: http://hafizbadrie.wordpress.com/2011/04/14/image-upload-with-carrierwave-and-mongoid-gridfs-mongodb-in-rails-3/
you need to provide your data where there is s3 data in the tutorials:
stack overflow

Restricting access to downlad URL's using public/private key / certificates

How do I restrict access to url's on my site and only allow my client applications to access these urls. I am putting in a rest api to request the url and was thinking I could use public/private key sort of like AWS S3 does. My understanding is that I still need need SSL certificate to secure data during transfer.
Does this seem like a right approach? Also I am unsure on how to go about generating the keys on the server side. I am coding in both rails and php.
I am going use Query Request Authentication to secure the download urls.
http://docs.amazonwebservices.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/index.html?Query_QueryAuth.html

Securing S3 via your own application

Imagine the following use case:
You have a basecamp style application hosting files with S3. Accounts all have their own files, but stored on S3.
How, therefore, would a developer go about securing files so users of account 1, couldn't somehow get to files of account 2?
We're talking Rails if that's a help.
S3 supports signed time expiring URLs that mean you can furnish a user with a URL that effectively lets only people with that link view the file, and only within a certain time period from issue.
http://www.miracletutorials.com/s3-amazon-expiring-urls/
If you want to restrict control of those remote resources you could proxy the files through your app. For something like S3 this may defeat the purpose of what you are trying to do, but it would still allow you to keep the data with amazon and restrict access.
You should be careful with an approach like this as it could cause your ruby thread to block while it is proxying the file, which could become a real problem with the application.
Serve the files using an EC2 Instance
If you set your S3 bucket to private, then start up an EC2 instance, you could serve your files on S3 via EC2, using the EC2 instance to verify permissions based on your application's rules. Because there is no charge for EC2 to transfer to/from S3 (within the same region), you don't have to double up your bandwidth consumption costs at Amazon.
I haven't tackled this exact issue. But that doesn't stop me from having an opinion :)
Check out cancan:
http://github.com/ryanb/cancan
http://railscasts.com/episodes/192-authorization-with-cancan
It allows custom authorization schemes, without too much hassle.

Resources