Is this possible...?

G

Guest

Hi guys,

I'm wondering if the following idea might be possible in asp.net, perhaps
with an HTTPModule or something? Any ideas/pointers would be useful...

Let's say that I have a directory full of downloads, and I want to show a
license agreement before each download begins. I could have a page, with an
accept/decline, which then forwards to the file.

However, if someone gets clever, they could bypass this, by navigating
directly to the downloads directory and file on my site, so they don't have
to fill in the form/agree whatever.

I'm wondering if there is a way of being able to say "if a browser requests
this file, send them here first, AND then download it". So it's done as a
redirect or something, so that there's NO WAY they could bypass??

Does that make sense? Is it possible?!

Thanks



Dan
 
G

Guest

musosdev said:
Hi guys,

I'm wondering if the following idea might be possible in asp.net, perhaps
with an HTTPModule or something? Any ideas/pointers would be useful...

Let's say that I have a directory full of downloads, and I want to show a
license agreement before each download begins. I could have a page, with an
accept/decline, which then forwards to the file.

However, if someone gets clever, they could bypass this, by navigating
directly to the downloads directory and file on my site, so they don't have
to fill in the form/agree whatever.

I'm wondering if there is a way of being able to say "if a browser requests
this file, send them here first, AND then download it". So it's done as a
redirect or something, so that there's NO WAY they could bypass??

Does that make sense? Is it possible?!

Thanks



Dan
Click to expand...

Send the file you want to download as a query string to a page, e.g.
GetDownload.aspx?file=funnyimage.png

In the page you display the license agreement, and on agreement you
redirect to a proxy page with the same querystring, plus another
querystring value that is unique for the file to download. Perhaps a
checksum of the file name or something.

In the proxy page you check the querystring values so that they match,
and if they do, you return the file to the user.

Example:

string file = Request.QueryString["file"];
string check = Request.QueryString["check"];

if (CleverMethodToCheckValues(file, check) {
// set proper mime type depending on file type
Response.ContentType = "image/png"
// send the file
Response.WriteFile("c:\some\nice\data\folder\" + file);
} else {
// send something else
}

The files to be downloaded can be placed anywhere you like, so they
doesn't have to be directly accessible from the web at all.

Check that the file name doesn't contain any \ or / characters, so that
the page can not possibly be used to reach any files outside the
download folder.
 
G

Guest

Interesting suggestions, I'll look into both. Thanks!



Göran Andersson said:
musosdev said:
Hi guys,

I'm wondering if the following idea might be possible in asp.net, perhaps
with an HTTPModule or something? Any ideas/pointers would be useful...

Let's say that I have a directory full of downloads, and I want to show a
license agreement before each download begins. I could have a page, with an
accept/decline, which then forwards to the file.

However, if someone gets clever, they could bypass this, by navigating
directly to the downloads directory and file on my site, so they don't have
to fill in the form/agree whatever.

I'm wondering if there is a way of being able to say "if a browser requests
this file, send them here first, AND then download it". So it's done as a
redirect or something, so that there's NO WAY they could bypass??

Does that make sense? Is it possible?!

Thanks



Dan
Click to expand...

Send the file you want to download as a query string to a page, e.g.
GetDownload.aspx?file=funnyimage.png

In the page you display the license agreement, and on agreement you
redirect to a proxy page with the same querystring, plus another
querystring value that is unique for the file to download. Perhaps a
checksum of the file name or something.

In the proxy page you check the querystring values so that they match,
and if they do, you return the file to the user.

Example:

string file = Request.QueryString["file"];
string check = Request.QueryString["check"];

if (CleverMethodToCheckValues(file, check) {
// set proper mime type depending on file type
Response.ContentType = "image/png"
// send the file
Response.WriteFile("c:\some\nice\data\folder\" + file);
} else {
// send something else
}

The files to be downloaded can be placed anywhere you like, so they
doesn't have to be directly accessible from the web at all.

Check that the file name doesn't contain any \ or / characters, so that
the page can not possibly be used to reach any files outside the
download folder.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Is this possible? 0
Is there a way to pass this state from component to the fetch? 1
Is it possible monkey patch like this? 4
What is the best way of going about recreating the setTimeout() function? 0
GET NEIL DEGRASSES TYSON, I ripped a hole with this one... 0
Is This Possible ... ? 8
Is this possible? 2
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2

Members online

Total: 32 (members: 2, guests: 30)
Robots: 88

Forum statistics

Threads
473,780
Messages
2,569,611
Members
45,280
Latest member
BGBBrock56

Latest Threads

Top