Shield file from download?

Discussion in 'ASP .Net' started by q, Dec 3, 2008.

  1. q

    q Guest

    Hi, all -

    Sort of a noob question, I suppose...

    I have a file I want to make available for download from my site. I want to
    make sure people check a checkbox first, though, saying they agree to
    license terms. At the moment, I'm using an asp:HyperLink and
    enabling/disabling it in response to the checkbox change. Works fine, except
    there's really nothing to prevent someone from posting the url from the
    hyperlink elsewhere and allowing people to download my file, bypassing the
    license terms.

    Ideally, I'd like to have the same UI as I do now - a checkbox and an
    asp:HyperLink - but have the download implemented in such a way that the
    file can ONLY be accessed by clicking the link, as opposed to, say, typing
    the link url directly into the address bar of IE.

    Can anyone out there suggest a good solution?


    TIA.
    q, Dec 3, 2008
    #1
    1. Advertising

  2. Hve the file delivered through a web page and protect that web page by
    login. Then "log" the user in only when they agree. Then if someone hits the
    link directly, you can redirect them to the log in.

    Another option is an HTTP filter for download that requires credentials.

    --
    Gregory A. Beamer
    MVP: MCP: +I, SE, SD, DBA

    Blog:
    http://feeds.feedburner.com/GregoryBeamer

    ********************************************
    | Think Outside the Box! |
    ********************************************
    "q" <> wrote in message
    news:%23WBh%...
    > Hi, all -
    >
    > Sort of a noob question, I suppose...
    >
    > I have a file I want to make available for download from my site. I want
    > to make sure people check a checkbox first, though, saying they agree to
    > license terms. At the moment, I'm using an asp:HyperLink and
    > enabling/disabling it in response to the checkbox change. Works fine,
    > except there's really nothing to prevent someone from posting the url from
    > the hyperlink elsewhere and allowing people to download my file, bypassing
    > the license terms.
    >
    > Ideally, I'd like to have the same UI as I do now - a checkbox and an
    > asp:HyperLink - but have the download implemented in such a way that the
    > file can ONLY be accessed by clicking the link, as opposed to, say, typing
    > the link url directly into the address bar of IE.
    >
    > Can anyone out there suggest a good solution?
    >
    >
    > TIA.
    >
    Gregory A. Beamer, Dec 3, 2008
    #2
    1. Advertising

  3. q

    q Guest

    Gregory -

    Thanks for the response. Let me see if I understand correctly. I could make
    two pages with an identical UI, one protected and the other not. The public
    one wouldn't ever activate the hyperlink - it would stay disabled, and when
    the user checked the 'I agree' checkbox, he'd be redirected to the protected
    version of the page, where the link would be enabled. The download itself
    would also be protected under the same credentials.

    Is this what you're describing with the first option?

    re the second option: How would I implement this? Need more hints on this
    one, I'm afraid.




    "Gregory A. Beamer" <> wrote in message
    news:...
    > Hve the file delivered through a web page and protect that web page by
    > login. Then "log" the user in only when they agree. Then if someone hits
    > the link directly, you can redirect them to the log in.
    >
    > Another option is an HTTP filter for download that requires credentials.
    >
    > --
    > Gregory A. Beamer
    > MVP: MCP: +I, SE, SD, DBA
    >
    > Blog:
    > http://feeds.feedburner.com/GregoryBeamer
    >
    > ********************************************
    > | Think Outside the Box! |
    > ********************************************
    > "q" <> wrote in message
    > news:%23WBh%...
    >> Hi, all -
    >>
    >> Sort of a noob question, I suppose...
    >>
    >> I have a file I want to make available for download from my site. I want
    >> to make sure people check a checkbox first, though, saying they agree to
    >> license terms. At the moment, I'm using an asp:HyperLink and
    >> enabling/disabling it in response to the checkbox change. Works fine,
    >> except there's really nothing to prevent someone from posting the url
    >> from the hyperlink elsewhere and allowing people to download my file,
    >> bypassing the license terms.
    >>
    >> Ideally, I'd like to have the same UI as I do now - a checkbox and an
    >> asp:HyperLink - but have the download implemented in such a way that the
    >> file can ONLY be accessed by clicking the link, as opposed to, say,
    >> typing the link url directly into the address bar of IE.
    >>
    >> Can anyone out there suggest a good solution?
    >>
    >>
    >> TIA.
    >>

    >
    q, Dec 3, 2008
    #3
  4. If you insist on having a hyperlink in the page, you may always run the risk
    of somebody doing "View Source" and grabbing the link. What you can do is
    when the checkbox is checked (Autopostback =true) then on the postback, you
    can use Response.ContentType = "whatever", combined with Response.WriteFile
    to send the file without the user having any idea of what the "link" is.
    There are other similar methods as well.
    Peter
    "q" <> wrote in message
    news:%23WBh%...
    > Hi, all -
    >
    > Sort of a noob question, I suppose...
    >
    > I have a file I want to make available for download from my site. I want
    > to make sure people check a checkbox first, though, saying they agree to
    > license terms. At the moment, I'm using an asp:HyperLink and
    > enabling/disabling it in response to the checkbox change. Works fine,
    > except there's really nothing to prevent someone from posting the url from
    > the hyperlink elsewhere and allowing people to download my file, bypassing
    > the license terms.
    >
    > Ideally, I'd like to have the same UI as I do now - a checkbox and an
    > asp:HyperLink - but have the download implemented in such a way that the
    > file can ONLY be accessed by clicking the link, as opposed to, say, typing
    > the link url directly into the address bar of IE.
    >
    > Can anyone out there suggest a good solution?
    >
    >
    > TIA.
    >
    Peter Bromberg [C# MVP], Dec 4, 2008
    #4
  5. q

    q Guest

    Hi, Peter -

    This sounds like exactly what I'm looking for.

    I'll look at the docs this evening and see if I can get something up and
    running. I may be back.

    Thanks for the help!





    "Peter Bromberg [C# MVP]" <> wrote in message
    news:...
    > If you insist on having a hyperlink in the page, you may always run the
    > risk of somebody doing "View Source" and grabbing the link. What you can
    > do is when the checkbox is checked (Autopostback =true) then on the
    > postback, you can use Response.ContentType = "whatever", combined with
    > Response.WriteFile to send the file without the user having any idea of
    > what the "link" is. There are other similar methods as well.
    > Peter
    > "q" <> wrote in message
    > news:%23WBh%...
    >> Hi, all -
    >>
    >> Sort of a noob question, I suppose...
    >>
    >> I have a file I want to make available for download from my site. I want
    >> to make sure people check a checkbox first, though, saying they agree to
    >> license terms. At the moment, I'm using an asp:HyperLink and
    >> enabling/disabling it in response to the checkbox change. Works fine,
    >> except there's really nothing to prevent someone from posting the url
    >> from the hyperlink elsewhere and allowing people to download my file,
    >> bypassing the license terms.
    >>
    >> Ideally, I'd like to have the same UI as I do now - a checkbox and an
    >> asp:HyperLink - but have the download implemented in such a way that the
    >> file can ONLY be accessed by clicking the link, as opposed to, say,
    >> typing the link url directly into the address bar of IE.
    >>
    >> Can anyone out there suggest a good solution?
    >>
    >>
    >> TIA.
    >>

    >
    q, Dec 4, 2008
    #5
  6. To an extent, you are correct. I am sugesting a bit of an "outside the box"
    solution that is quick and easy to implement.

    What you do is make sure the download "page" can only be hit by an
    authenticated user. You then "authenticate" them with the button click. You
    can then set up this folder with a web.config that redirects the person to
    the page with the accept if they try to hit it directly. The page sees them
    unauthenticated and boom.

    Now, if you already have a secured section, you will have to get into roles,
    as any authenticated user can bypass. This might not be good and is
    something I did not think through initially.

    But, you can alter this pattern to look for something on the user's
    "profile". Borrowing from an old ASP methodology, you can do something like
    this for the "download" page:

    Page_Load

    if(Session["AcceptedDownload"])
    {
    //Set mime type
    Response.ContentType = "{your type}";

    //Get file here
    //Stream file
    }
    else
    {
    //redirect to accept "page"
    }

    now, the accept page could actually be the same page, if you want to custom
    build the page with code.

    The benefit here is you can use a login section and still have the download
    protected. It will require a bit more code and you will be storing the
    information somewhere for acceptance (cookie, session, etc.).

    Another option is to use something like Silverlight as your "download
    manager". You then have full control over whether the user sees the download
    link. The same can be done with ActiveX (although the install is a pain),
    Flash, Java applets, etc.

    These are just some ideas that can work for you.

    --
    Gregory A. Beamer
    MVP: MCP: +I, SE, SD, DBA

    Blog:
    http://feeds.feedburner.com/GregoryBeamer

    ********************************************
    | Think Outside the Box! |
    ********************************************
    "q" <> wrote in message news:...
    > Gregory -
    >
    > Thanks for the response. Let me see if I understand correctly. I could
    > make two pages with an identical UI, one protected and the other not. The
    > public one wouldn't ever activate the hyperlink - it would stay disabled,
    > and when the user checked the 'I agree' checkbox, he'd be redirected to
    > the protected version of the page, where the link would be enabled. The
    > download itself would also be protected under the same credentials.
    >
    > Is this what you're describing with the first option?
    >
    > re the second option: How would I implement this? Need more hints on this
    > one, I'm afraid.
    >
    >
    >
    >
    > "Gregory A. Beamer" <> wrote in message
    > news:...
    >> Hve the file delivered through a web page and protect that web page by
    >> login. Then "log" the user in only when they agree. Then if someone hits
    >> the link directly, you can redirect them to the log in.
    >>
    >> Another option is an HTTP filter for download that requires credentials.
    >>
    >> --
    >> Gregory A. Beamer
    >> MVP: MCP: +I, SE, SD, DBA
    >>
    >> Blog:
    >> http://feeds.feedburner.com/GregoryBeamer
    >>
    >> ********************************************
    >> | Think Outside the Box! |
    >> ********************************************
    >> "q" <> wrote in message
    >> news:%23WBh%...
    >>> Hi, all -
    >>>
    >>> Sort of a noob question, I suppose...
    >>>
    >>> I have a file I want to make available for download from my site. I want
    >>> to make sure people check a checkbox first, though, saying they agree to
    >>> license terms. At the moment, I'm using an asp:HyperLink and
    >>> enabling/disabling it in response to the checkbox change. Works fine,
    >>> except there's really nothing to prevent someone from posting the url
    >>> from the hyperlink elsewhere and allowing people to download my file,
    >>> bypassing the license terms.
    >>>
    >>> Ideally, I'd like to have the same UI as I do now - a checkbox and an
    >>> asp:HyperLink - but have the download implemented in such a way that the
    >>> file can ONLY be accessed by clicking the link, as opposed to, say,
    >>> typing the link url directly into the address bar of IE.
    >>>
    >>> Can anyone out there suggest a good solution?
    >>>
    >>>
    >>> TIA.
    >>>

    >>

    >
    >
    Gregory A. Beamer, Dec 4, 2008
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David Waz...

    Install Shield

    David Waz..., Jul 9, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    431
    Yan-Hong Huang[MSFT]
    Jul 10, 2003
  2. Ryan Taylor
    Replies:
    2
    Views:
    922
    Ryan Taylor
    Nov 10, 2004
  3. Sam --
    Replies:
    2
    Views:
    594
    Sam --
    Mar 17, 2005
  4. ru
    Replies:
    5
    Views:
    428
    Roedy Green
    Jun 24, 2004
  5. Brett  Kelly
    Replies:
    1
    Views:
    663
    Steve C. Orr [MVP, MCSD]
    Jun 16, 2006
Loading...

Share This Page