How to protect downloadable files

Discussion in 'ASP .Net' started by Alan Silver, Jan 7, 2008.

  1. Alan Silver

    Alan Silver Guest

    Hello,

    I am writing a site where people can buy ebooks. I want to have a system
    whereby they can download the file(s) once they have paid, but
    (obviously) not before. I also want some sort of protection to stop
    people simply posting the download link around the 'net and have every
    Thomas, Richard and Harold grabbing them!

    Any suggestions for this?

    I was contemplating using URL rewriting to provide a temporary link that
    contained the date encoded, and have it only work for (say) 24 hours
    after they pay. If they want it after that, they have to ask me
    manually. That should deter people who haven't paid. I'm not sure how
    good a system this is though.

    Bear in mind that I'm not going to drive myself mad over this. I can't
    stop people simply distributing the ebooks themselves, so it's not worth
    expending huge efforts on protecting the download. Having said that, I
    want something that will deter petty thieves.

    Any suggestions welcome. TIA
    Alan

    --
    Alan Silver
    (anything added below this line is nothing to do with me)
    Alan Silver, Jan 7, 2008
    #1
    1. Advertising

  2. The easiest way is to create Download.aspx page

    which will evaluate the criteria (like if user logged in and has permission
    to download this book ) and then redirect to error.aspx if criteria failed
    or if success use Response.WriteFile to output file.

    PS: You will need to add folowing code

    Response.Buffer = false
    Response.AddHeader "Content-Disposition","attachment; filename=myebook.pdf"

    So users will be prompted to save file myebook.pdf

    George.


    "Alan Silver" <> wrote in message
    news:...
    > Hello,
    >
    > I am writing a site where people can buy ebooks. I want to have a system
    > whereby they can download the file(s) once they have paid, but (obviously)
    > not before. I also want some sort of protection to stop people simply
    > posting the download link around the 'net and have every Thomas, Richard
    > and Harold grabbing them!
    >
    > Any suggestions for this?
    >
    > I was contemplating using URL rewriting to provide a temporary link that
    > contained the date encoded, and have it only work for (say) 24 hours after
    > they pay. If they want it after that, they have to ask me manually. That
    > should deter people who haven't paid. I'm not sure how good a system this
    > is though.
    >
    > Bear in mind that I'm not going to drive myself mad over this. I can't
    > stop people simply distributing the ebooks themselves, so it's not worth
    > expending huge efforts on protecting the download. Having said that, I
    > want something that will deter petty thieves.
    >
    > Any suggestions welcome. TIA
    > Alan
    >
    > --
    > Alan Silver
    > (anything added below this line is nothing to do with me)
    George Ter-Saakov, Jan 7, 2008
    #2
    1. Advertising

  3. You could have an obfuscated querystring that includes the customer name or
    id, the date, and the id of the product to be able to download. If something
    comes in and the decoded date is over 24 hours old, you would deny it.

    There are a number of easy ways to encrypt or obfuscate a querystring. Here
    is a simple one:

    http://www.eggheadcafe.com/articles/20060427.asp
    -- Peter
    Site: http://www.eggheadcafe.com
    UnBlog: http://petesbloggerama.blogspot.com
    MetaFinder: http://www.blogmetafinder.com


    "Alan Silver" wrote:

    > Hello,
    >
    > I am writing a site where people can buy ebooks. I want to have a system
    > whereby they can download the file(s) once they have paid, but
    > (obviously) not before. I also want some sort of protection to stop
    > people simply posting the download link around the 'net and have every
    > Thomas, Richard and Harold grabbing them!
    >
    > Any suggestions for this?
    >
    > I was contemplating using URL rewriting to provide a temporary link that
    > contained the date encoded, and have it only work for (say) 24 hours
    > after they pay. If they want it after that, they have to ask me
    > manually. That should deter people who haven't paid. I'm not sure how
    > good a system this is though.
    >
    > Bear in mind that I'm not going to drive myself mad over this. I can't
    > stop people simply distributing the ebooks themselves, so it's not worth
    > expending huge efforts on protecting the download. Having said that, I
    > want something that will deter petty thieves.
    >
    > Any suggestions welcome. TIA
    > Alan
    >
    > --
    > Alan Silver
    > (anything added below this line is nothing to do with me)
    >
    Peter Bromberg [C# MVP], Jan 7, 2008
    #3
  4. in Computer management console ->default website select properties of your
    website:
    select the directory tab
    click the configuration button and make a new entry for the file extensoin
    you want to be handled by ASP.NET





    "Alan Silver" <> wrote in message
    news:...
    > Hello,
    >
    > I am writing a site where people can buy ebooks. I want to have a system
    > whereby they can download the file(s) once they have paid, but (obviously)
    > not before. I also want some sort of protection to stop people simply
    > posting the download link around the 'net and have every Thomas, Richard
    > and Harold grabbing them!
    >
    > Any suggestions for this?
    >
    > I was contemplating using URL rewriting to provide a temporary link that
    > contained the date encoded, and have it only work for (say) 24 hours after
    > they pay. If they want it after that, they have to ask me manually. That
    > should deter people who haven't paid. I'm not sure how good a system this
    > is though.
    >
    > Bear in mind that I'm not going to drive myself mad over this. I can't
    > stop people simply distributing the ebooks themselves, so it's not worth
    > expending huge efforts on protecting the download. Having said that, I
    > want something that will deter petty thieves.
    >
    > Any suggestions welcome. TIA
    > Alan
    >
    > --
    > Alan Silver
    > (anything added below this line is nothing to do with me)
    Sagaert Johan, Jan 9, 2008
    #4
  5. Alan Silver

    Alan Silver Guest

    Thanks to everyone who replied. So far, it sounds like you are all
    suggesting basically what I had in mind, so I'll carry on with that
    idea.

    Thanks

    In article <>, George Ter-Saakov
    <> writes
    >The easiest way is to create Download.aspx page
    >
    >which will evaluate the criteria (like if user logged in and has permission
    >to download this book ) and then redirect to error.aspx if criteria failed
    >or if success use Response.WriteFile to output file.
    >
    >PS: You will need to add folowing code
    >
    >Response.Buffer = false
    >Response.AddHeader "Content-Disposition","attachment; filename=myebook.pdf"
    >
    >So users will be prompted to save file myebook.pdf
    >
    >George.
    >
    >
    >"Alan Silver" <> wrote in message
    >news:...
    >> Hello,
    >>
    >> I am writing a site where people can buy ebooks. I want to have a system
    >> whereby they can download the file(s) once they have paid, but (obviously)
    >> not before. I also want some sort of protection to stop people simply
    >> posting the download link around the 'net and have every Thomas, Richard
    >> and Harold grabbing them!
    >>
    >> Any suggestions for this?
    >>
    >> I was contemplating using URL rewriting to provide a temporary link that
    >> contained the date encoded, and have it only work for (say) 24 hours after
    >> they pay. If they want it after that, they have to ask me manually. That
    >> should deter people who haven't paid. I'm not sure how good a system this
    >> is though.
    >>
    >> Bear in mind that I'm not going to drive myself mad over this. I can't
    >> stop people simply distributing the ebooks themselves, so it's not worth
    >> expending huge efforts on protecting the download. Having said that, I
    >> want something that will deter petty thieves.
    >>
    >> Any suggestions welcome. TIA
    >> Alan
    >>
    >> --
    >> Alan Silver
    >> (anything added below this line is nothing to do with me)

    >
    >


    --
    Alan Silver
    (anything added below this line is nothing to do with me)
    Alan Silver, Jan 9, 2008
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. a
    Replies:
    1
    Views:
    3,001
    Ajeetha Kumari
    Jul 15, 2003
  2. Hongbo

    How to protect downloadable files?

    Hongbo, Feb 21, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    433
    Hans Kesting
    Feb 21, 2006
  3. Hongbo

    How to protect downloadable files?

    Hongbo, Feb 24, 2006, in forum: ASP .Net
    Replies:
    3
    Views:
    1,061
    Hongbo
    Feb 24, 2006
  4. lalit
    Replies:
    14
    Views:
    1,200
    lalit
    Jun 14, 2007
  5. Alpine7

    Secure downloadable PDF files

    Alpine7, Mar 24, 2009, in forum: ASP .Net Security
    Replies:
    2
    Views:
    816
    Chakravarthy
    Apr 23, 2009
Loading...

Share This Page