How to protect downloadable files?

Discussion in 'ASP .Net' started by Hongbo, Feb 24, 2006.

  1. Hongbo

    Hongbo Guest

    Hi,

    We have a web site which needs user to login. After login, there are some files available for download on some pages. A typical link of such file is like this one:
    https://www.ourdomain.com/docs/contracts/c_02102006.pdf

    I noticed that any one could get this file if the person knows this link regardless if this person has logged in or not.

    Is there a way to prevent people who do not login to reach such downloadable files?

    Thank you

    Hongbo
     
    Hongbo, Feb 24, 2006
    #1
    1. Advertising

  2. Hongbo

    Mantorok Guest

    Hongbo

    Rather than directing them directly to the file you could direct them to
    a page that then checks if they're logged in, if they are then it performs
    a server transfer to the file.

    So your url could be > https://www.ourdomain.com/download.aspx?fileid=12323

    Then in your page you could issue:

    Server.Transfer("https://www.ourdomain.com/docs/contracts/c 02102006.pdf");

    Providing they are logged in, otherwise they get re-directed to the login
    page.

    HTH
    Kev

    > Hi,
    >
    > We have a web site which needs user to login. After login, there are
    > some files available for download on some pages. A typical link of
    > such
    > file is like this one:
    > https://www.ourdomain.com/docs/contracts/c 02102006.pdf
    > I noticed that any one could get this file if the person knows this
    > link regardless if this person has logged in or not.
    >
    > Is there a way to prevent people who do not login to reach such
    > downloadable files?
    >
    > Thank you
    >
    > Hongbo
    >
     
    Mantorok, Feb 24, 2006
    #2
    1. Advertising

  3. Hongbo

    Mantorok Guest

    Hongbo

    Of course you could also not expose the file path at all and stream the contents
    of the required file to the HttpResponse object, that would be better if
    you want total control over who can access what.

    kev

    > Hi,
    >
    > We have a web site which needs user to login. After login, there are
    > some files available for download on some pages. A typical link of
    > such
    > file is like this one:
    > https://www.ourdomain.com/docs/contracts/c 02102006.pdf
    > I noticed that any one could get this file if the person knows this
    > link regardless if this person has logged in or not.
    >
    > Is there a way to prevent people who do not login to reach such
    > downloadable files?
    >
    > Thank you
    >
    > Hongbo
    >
     
    Mantorok, Feb 24, 2006
    #3
  4. Hongbo

    Hongbo Guest

    Hi, Kev,

    Thank you very much for your help!

    I feel your 2nd method is what I am looking for.

    Would you please give me a code example(or web link) on how to
    stream the content of required file to the HttpResponse object?

    Thank you and have a nice weekend

    Hongbo
    "Mantorok" <> wrote in message
    news:...
    > Hongbo
    >
    > Of course you could also not expose the file path at all and stream the

    contents
    > of the required file to the HttpResponse object, that would be better if
    > you want total control over who can access what.
    >
    > kev
    >
    > > Hi,
    > >
    > > We have a web site which needs user to login. After login, there are
    > > some files available for download on some pages. A typical link of
    > > such
    > > file is like this one:
    > > https://www.ourdomain.com/docs/contracts/c 02102006.pdf
    > > I noticed that any one could get this file if the person knows this
    > > link regardless if this person has logged in or not.
    > >
    > > Is there a way to prevent people who do not login to reach such
    > > downloadable files?
    > >
    > > Thank you
    > >
    > > Hongbo
    > >

    >
    >
     
    Hongbo, Feb 24, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. a
    Replies:
    1
    Views:
    3,037
    Ajeetha Kumari
    Jul 15, 2003
  2. Hongbo

    How to protect downloadable files?

    Hongbo, Feb 21, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    440
    Hans Kesting
    Feb 21, 2006
  3. lalit
    Replies:
    14
    Views:
    1,216
    lalit
    Jun 14, 2007
  4. Alan Silver

    How to protect downloadable files

    Alan Silver, Jan 7, 2008, in forum: ASP .Net
    Replies:
    4
    Views:
    387
    Alan Silver
    Jan 9, 2008
  5. Alpine7

    Secure downloadable PDF files

    Alpine7, Mar 24, 2009, in forum: ASP .Net Security
    Replies:
    2
    Views:
    825
    Chakravarthy
    Apr 23, 2009
Loading...

Share This Page