How to protect downloadable files?

[Hongbo]

Hi,

We have a web site which needs user to login. After login, there are some files available for download on some pages. A typical link of such file is like this one:
https://www.ourdomain.com/docs/contracts/c_02102006.pdf

I noticed that any one could get this file if the person knows this link regardless if this person has logged in or not.

Is there a way to prevent people who do not login to reach such downloadable files?

Thank you

Hongbo

 

[Mantorok]

Hongbo

Rather than directing them directly to the file you could direct them to
a page that then checks if they're logged in, if they are then it performs
a server transfer to the file.

So your url could be > https://www.ourdomain.com/download.aspx?fileid=12323

Then in your page you could issue:

Server.Transfer("https://www.ourdomain.com/docs/contracts/c 02102006.pdf");

Providing they are logged in, otherwise they get re-directed to the login
page.

HTH
Kev

 

[Mantorok]

Hongbo

Of course you could also not expose the file path at all and stream the contents
of the required file to the HttpResponse object, that would be better if
you want total control over who can access what.

kev

 

[Hongbo]

Hi, Kev,

Thank you very much for your help!

I feel your 2nd method is what I am looking for.

Would you please give me a code example(or web link) on how to
stream the content of required file to the HttpResponse object?

Thank you and have a nice weekend

Hongbo