Shawn,
If it's required that people be able to download these (which I'm sure it
is), your best bet is to store them on the file system where they are
inaccessible directly. You can then use Response.BinaryWrite to stream
them down to the browser when legitimate.
Here's a small code sample that demonstrates a PDF file loaded both inline
and outside fo the browser.
Dim fs As New FileStream("c:\directory\books.pdf"),
FileMode.OpenOrCreate, FileAccess.Read)
Dim MyData(fs.Length) As Byte
fs.Read(MyData, 0, fs.Length)
Response.Buffer = True
Response.Clear()
Response.ContentType = "application/pdf"
' Opens it outside browser
Response.AddHeader("content-disposition", "attachment;
filename=books.pdf")
' Opens it inside browser
'Response.AddHeader("content-disposition", "inline;
filename=books.pdf")
Response.BinaryWrite(MyData)
Response.End()
Hope that helps.
Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------
From: "Shawn" <bo********@hotmail.com>
Subject: Protecting documents
Date: Fri, 21 Nov 2003 13:20:58 +0100
Lines: 10
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <OH**************@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: pc3.akermaritime.no 193.161.152.243
Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!cpmsftng xa06.phx.gbl!TK2MSFTNGP08.
phx.gbl!TK2MSFTNGP10.phx.gblXref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:191817
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Hi.
I have a folder that contains a lot of different documents. xls, .doc, .pdf
etc. Different users have access to different documents. The problem is
that if a user knows the name of a document then he can just write the path
into IE and get access to it anyway. Is it possible to prevent this?
Thanks,
Shawn