473,324 Members | 2,511 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

How to protect downloadable files?

Hi,

We have a web site which needs user to login. After login, there are some files available for download on some pages. A typical link of such file is like this one:
https://www.ourdomain.com/docs/contracts/c_02102006.pdf

I noticed that any one could get this file if the person knows this link regardless if this person has logged in or not.

Is there a way to prevent people who do not login to reach such downloadable files?

Thank you

Hongbo
Feb 24 '06 #1
3 1660
Hongbo

Rather than directing them directly to the file you could direct them to
a page that then checks if they're logged in, if they are then it performs
a server transfer to the file.

So your url could be > https://www.ourdomain.com/download.aspx?fileid=12323

Then in your page you could issue:

Server.Transfer("https://www.ourdomain.com/docs/contracts/c 02102006.pdf");

Providing they are logged in, otherwise they get re-directed to the login
page.

HTH
Kev
Hi,

We have a web site which needs user to login. After login, there are
some files available for download on some pages. A typical link of
such
file is like this one:
https://www.ourdomain.com/docs/contracts/c 02102006.pdf
I noticed that any one could get this file if the person knows this
link regardless if this person has logged in or not.

Is there a way to prevent people who do not login to reach such
downloadable files?

Thank you

Hongbo

Feb 24 '06 #2
Hongbo

Of course you could also not expose the file path at all and stream the contents
of the required file to the HttpResponse object, that would be better if
you want total control over who can access what.

kev
Hi,

We have a web site which needs user to login. After login, there are
some files available for download on some pages. A typical link of
such
file is like this one:
https://www.ourdomain.com/docs/contracts/c 02102006.pdf
I noticed that any one could get this file if the person knows this
link regardless if this person has logged in or not.

Is there a way to prevent people who do not login to reach such
downloadable files?

Thank you

Hongbo

Feb 24 '06 #3
Hi, Kev,

Thank you very much for your help!

I feel your 2nd method is what I am looking for.

Would you please give me a code example(or web link) on how to
stream the content of required file to the HttpResponse object?

Thank you and have a nice weekend

Hongbo
"Mantorok" <sp******@spam.com> wrote in message
news:3a**************************@news.rmplc.co.uk ...
Hongbo

Of course you could also not expose the file path at all and stream the contents of the required file to the HttpResponse object, that would be better if
you want total control over who can access what.

kev
Hi,

We have a web site which needs user to login. After login, there are
some files available for download on some pages. A typical link of
such
file is like this one:
https://www.ourdomain.com/docs/contracts/c 02102006.pdf
I noticed that any one could get this file if the person knows this
link regardless if this person has logged in or not.

Is there a way to prevent people who do not login to reach such
downloadable files?

Thank you

Hongbo


Feb 24 '06 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

11
by: LarryM | last post by:
Hi, NB, not to stop capturing the single displayed Image, but to stop downloading the entire image directory. (In my Website you will do a search, and get some thumbnails, and these can be...
3
by: JJ | last post by:
Hi, I am writing a cart in ASP selling downloadable files. The files are stored on remote locations i.e. http://www.thisfilestore.com/file1.zip And have different extensions, i.e. they are not...
11
by: siliconmike | last post by:
Is there a way to protect data files from access by root ? I have a data-centered website and would like to protect data piracy from any foot-loose hosting company employee. Any ideas? ...
3
by: Fabrizio | last post by:
HI, I'm trying to create an aspx page that lists all files that an user can download from a site simply clicking on the link. There is any example on the web? Thanks, Fabrizio
4
by: Ray Stevens | last post by:
How do you protect files (such as .PDF) in a hosted (Interland) environment when you have no access to IIS?
1
by: Hongbo | last post by:
Hi, We have a web site which needs user to login. After login, there are some files available for download on some pages. A typical link of such file is like this one:...
12
by: =?Utf-8?B?am9uaWdy?= | last post by:
I wrote a simple VB.NET application that imports and edits CSV files. Now I’d like to “lock” the raw (pre-import) CSV files so these cannot be opened separately. It is not high-sensitive...
14
by: lalit | last post by:
Hi there, Can some plz suggest me a way to show .ppt files on my website that can't be copied or saved by user using asp.net. any idea !!!! thankx
16
by: Martin Schneider | last post by:
Hi! I want to maintain a large file link list (to legal files, by the way :-)). The links should be protected from "grabbing", though. Is it possible to make the browser download a link...
4
by: Jim Aikin | last post by:
I'd like to learn JavaScript while sitting in my easy chair with my laptop on my lap. Option 1: Buy a wireless router so I can access the plethora of online- only tutorials from anywhere in the...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, youll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shllpp 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.