How to authorize download?

[lenyado]

I am planning a website which reqires this feature: it allows registered
users to upload and/or download files (like *.doc, *.ppt etc.) but not
everyone can download every files. some files are restricted to certain users
only. that means only certain users can download certain files. but if the
URL of a certain file that needed to be protected is exposed, the
authorization will be in vain. any solutions?

 

[Ben Lucas]

You could write an HttpHandler or an HttpModule to handle the security.
Basically your HttpHandler or HttpModule would need to perform the security
check and give an Access Denied message if the user does not have access, or
if the user does have access, set the content type and write the file to the
Response stream.

Also, note that you will have to set up IIS so that the ASP.Net application
handles .doc, .ppt, and whatever other files you want to provide security
for.

 

[Daniel Fisher\(lennybacon\)]

Write the files based on a querystringvariable as binary to the response
stream (if the user is authenticated, otherwise send him some greetings with
a errormessage) - so you don't have to reconfigure IIS and nobody has knows
the path to the files.

 

[Patrick Olurotimi Ige]

Try looking at these 2 artickes at:-
http://dotnetjunkies.com/WebLog/richard.dudley/archive/2004/05/21/14215.
aspx

and

http://www.microsoft.com/india/msdn/articles/57.aspx

Hope it helps..
Patrick

 

[Lenyado]

Thanks, that's quite helpful. i will try that out later.