Secure Downloads in Shared hosting

D

Dave Lambert

Hi there, I have created a download website for members, all downloads are held in a folder and a user can access a specific download when he has paid for them, i then write a record into the database to say the user is entitled to download this item. I then wish when the user logs on, to display all downloads they have bought in a web page, via say a link to the download, how would I do this and stop people just typing in the name of the file directly into the address bar as they could then download the file for free. The site is on a shared server so I cannot change the IIS settings

Any help would be much appreciated as I am scratching my head and typing at the same time in puzzlement of how to accomplish this effectively!!

dave
 
W

Wes Henderson

Dave,

Here's the approach I took to a similar situation:

- I had the downloads in a folder not accessible to anonymous users (can you
modify permissions?)
- I processed the download requests programmatically (the code decided
whether or not they got the download)

The name of the file could be sent as part of the GET request (ie.
Download.aspx?file=filename.aaa), then the code could check the database to
see if they're clear for access.

Here are some C# code snippits that might help~

String filename = Request.Params["file"]; // stores "filename.aaa" in
filename

// Add your own code here to approve the file.
// If it's a public site, you probably want to make sure filename doesn't
// contain double periods, slashes, and whatnot. In fact, you might want
// to add an encryption/decryption routine just so people will have a
// hard time generating their own requests

// If approved for download then do this code
Response.AppendHeader("Content-Disposition", "attachment; filename=" +
filename);
Response.Flush();
Response.WriteFile("c:\\somefolder\\" + filename);
Response.End();


Hope this helps.

--
Regards,
Wes Henderson

In order to help everyone, please direct all replies to this newsgroup.
This posting is my personal effort to provide help and is not on behalf of
any company.
Also, this posting is provided "AS IS" with no expressed or implied
warranties.

Dave Lambert said:
Hi there, I have created a download website for members, all downloads are
Click to expand...
held in a folder and a user can access a specific download when he has paid
for them, i then write a record into the database to say the user is
entitled to download this item. I then wish when the user logs on, to
display all downloads they have bought in a web page, via say a link to the
download, how would I do this and stop people just typing in the name of the
file directly into the address bar as they could then download the file for
free. The site is on a shared server so I cannot change the IIS settings.
Any help would be much appreciated as I am scratching my head and typing
Click to expand...
at the same time in puzzlement of how to accomplish this effectively!!!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Shared Hosting 9
Amazon AWS - X.509 - Shared Hosting Enviroments 0
Shared web hosting where python is *not* a second class citizen 0
Web.config encryption in shared hosting scenario 3
SqlMembershipProvider deployment to shared hosting 0
SqlMembershipProvider deployment to shared hosting 0
Login form no longer working 2
Mocking file downloads 1

Members online

Total: 33 (members: 1, guests: 32)
Robots: 156

Forum statistics

Threads
473,776
Messages
2,569,603
Members
45,189
Latest member
CryptoTaxSoftware

Latest Threads

Top