Protecting PDFs with Forms Authentication?

Hi there,

I'm writing an app in which a punter buys some PDFs online. After
purchasing said PDFs, they will be given a token (bless them Guids) to
go to a download .ASPX page from which they can download the PDFs.

I'm planning to use Forms Authentication to protect the .ASPX page
which gives them the list of PDFs they can download (driven by the
token, which will be their order number or similar). The page will
also only allow 10 loads and the list of PDFs will only be available
for 24 hours to cut down on other people obtaining the PDFs.

And there's the rub: for the PDFs to be downloaded from the site, they
have to exist in the site. And if that's the case, what's to prevent
people figuring out (right-click, view properties of the hyperlink)
the URL of the PDF and going directly to the PDFs? I was hoping that
Forms Authentication would protect all files in a folder, but it
appears not to do so - I directly download a PDF file in a folder
protected by Forms Authentication, guess it only works for .aspx
files?

So, does anyone have any suggestions? I did think about creating a
separate folder for each order (i.e. each Guid), and then copying the
PDFs into that, but the files are quite large, and then a job on the
server would have to run each day to wipe old folders, etc.

Yours in hope,

Mike Kingscott
Nov 18 '05 #1
I believe all you need to do is to configure your IIS App Mappings under Home Directory/ Application Settings/ Configuration to route requests for .pdf's through aspnet_isapi.dll. Forms authentication should pick up on the requests then, and allow/deny them access accordingly.

--Michael

Nov 18 '05 #2
They do not necessarily have to be on the site. A web page could read this
file from another location and stream its content to the browser (see the
Response.WriteFile method).

Patrice

Nov 18 '05 #3
Guys, thanks very much for the speedy response. At the moment, I've
gone for protecting the file via the aspnet_isapi.dll method, and it
works just dandy. As for using the Response.WriteFile method, I may
have to try that as well, just for extra security, but I'm wondering
if it would work for a right-click Save As... command? Ah well,
something to play with when I have time ;-)

Thanks again,

Mike Kingscott
Nov 18 '05 #4
