Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Shield file from download?

Reply
Thread Tools

Shield file from download?

 
 
q
Guest
Posts: n/a
 
      12-03-2008
Hi, all -

Sort of a noob question, I suppose...

I have a file I want to make available for download from my site. I want to
make sure people check a checkbox first, though, saying they agree to
license terms. At the moment, I'm using an asp:HyperLink and
enabling/disabling it in response to the checkbox change. Works fine, except
there's really nothing to prevent someone from posting the url from the
hyperlink elsewhere and allowing people to download my file, bypassing the
license terms.

Ideally, I'd like to have the same UI as I do now - a checkbox and an
asp:HyperLink - but have the download implemented in such a way that the
file can ONLY be accessed by clicking the link, as opposed to, say, typing
the link url directly into the address bar of IE.

Can anyone out there suggest a good solution?


TIA.


 
Reply With Quote
 
 
 
 
Gregory A. Beamer
Guest
Posts: n/a
 
      12-03-2008
Hve the file delivered through a web page and protect that web page by
login. Then "log" the user in only when they agree. Then if someone hits the
link directly, you can redirect them to the log in.

Another option is an HTTP filter for download that requires credentials.

--
Gregory A. Beamer
MVP: MCP: +I, SE, SD, DBA

Blog:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think Outside the Box! |
********************************************
"q" <(E-Mail Removed)> wrote in message
news:%23WBh%(E-Mail Removed)...
> Hi, all -
>
> Sort of a noob question, I suppose...
>
> I have a file I want to make available for download from my site. I want
> to make sure people check a checkbox first, though, saying they agree to
> license terms. At the moment, I'm using an asp:HyperLink and
> enabling/disabling it in response to the checkbox change. Works fine,
> except there's really nothing to prevent someone from posting the url from
> the hyperlink elsewhere and allowing people to download my file, bypassing
> the license terms.
>
> Ideally, I'd like to have the same UI as I do now - a checkbox and an
> asp:HyperLink - but have the download implemented in such a way that the
> file can ONLY be accessed by clicking the link, as opposed to, say, typing
> the link url directly into the address bar of IE.
>
> Can anyone out there suggest a good solution?
>
>
> TIA.
>


 
Reply With Quote
 
 
 
 
q
Guest
Posts: n/a
 
      12-03-2008
Gregory -

Thanks for the response. Let me see if I understand correctly. I could make
two pages with an identical UI, one protected and the other not. The public
one wouldn't ever activate the hyperlink - it would stay disabled, and when
the user checked the 'I agree' checkbox, he'd be redirected to the protected
version of the page, where the link would be enabled. The download itself
would also be protected under the same credentials.

Is this what you're describing with the first option?

re the second option: How would I implement this? Need more hints on this
one, I'm afraid.




"Gregory A. Beamer" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hve the file delivered through a web page and protect that web page by
> login. Then "log" the user in only when they agree. Then if someone hits
> the link directly, you can redirect them to the log in.
>
> Another option is an HTTP filter for download that requires credentials.
>
> --
> Gregory A. Beamer
> MVP: MCP: +I, SE, SD, DBA
>
> Blog:
> http://feeds.feedburner.com/GregoryBeamer
>
> ********************************************
> | Think Outside the Box! |
> ********************************************
> "q" <(E-Mail Removed)> wrote in message
> news:%23WBh%(E-Mail Removed)...
>> Hi, all -
>>
>> Sort of a noob question, I suppose...
>>
>> I have a file I want to make available for download from my site. I want
>> to make sure people check a checkbox first, though, saying they agree to
>> license terms. At the moment, I'm using an asp:HyperLink and
>> enabling/disabling it in response to the checkbox change. Works fine,
>> except there's really nothing to prevent someone from posting the url
>> from the hyperlink elsewhere and allowing people to download my file,
>> bypassing the license terms.
>>
>> Ideally, I'd like to have the same UI as I do now - a checkbox and an
>> asp:HyperLink - but have the download implemented in such a way that the
>> file can ONLY be accessed by clicking the link, as opposed to, say,
>> typing the link url directly into the address bar of IE.
>>
>> Can anyone out there suggest a good solution?
>>
>>
>> TIA.
>>

>



 
Reply With Quote
 
Peter Bromberg [C# MVP]
Guest
Posts: n/a
 
      12-04-2008
If you insist on having a hyperlink in the page, you may always run the risk
of somebody doing "View Source" and grabbing the link. What you can do is
when the checkbox is checked (Autopostback =true) then on the postback, you
can use Response.ContentType = "whatever", combined with Response.WriteFile
to send the file without the user having any idea of what the "link" is.
There are other similar methods as well.
Peter
"q" <(E-Mail Removed)> wrote in message
news:%23WBh%(E-Mail Removed)...
> Hi, all -
>
> Sort of a noob question, I suppose...
>
> I have a file I want to make available for download from my site. I want
> to make sure people check a checkbox first, though, saying they agree to
> license terms. At the moment, I'm using an asp:HyperLink and
> enabling/disabling it in response to the checkbox change. Works fine,
> except there's really nothing to prevent someone from posting the url from
> the hyperlink elsewhere and allowing people to download my file, bypassing
> the license terms.
>
> Ideally, I'd like to have the same UI as I do now - a checkbox and an
> asp:HyperLink - but have the download implemented in such a way that the
> file can ONLY be accessed by clicking the link, as opposed to, say, typing
> the link url directly into the address bar of IE.
>
> Can anyone out there suggest a good solution?
>
>
> TIA.
>


 
Reply With Quote
 
q
Guest
Posts: n/a
 
      12-04-2008
Hi, Peter -

This sounds like exactly what I'm looking for.

I'll look at the docs this evening and see if I can get something up and
running. I may be back.

Thanks for the help!





"Peter Bromberg [C# MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> If you insist on having a hyperlink in the page, you may always run the
> risk of somebody doing "View Source" and grabbing the link. What you can
> do is when the checkbox is checked (Autopostback =true) then on the
> postback, you can use Response.ContentType = "whatever", combined with
> Response.WriteFile to send the file without the user having any idea of
> what the "link" is. There are other similar methods as well.
> Peter
> "q" <(E-Mail Removed)> wrote in message
> news:%23WBh%(E-Mail Removed)...
>> Hi, all -
>>
>> Sort of a noob question, I suppose...
>>
>> I have a file I want to make available for download from my site. I want
>> to make sure people check a checkbox first, though, saying they agree to
>> license terms. At the moment, I'm using an asp:HyperLink and
>> enabling/disabling it in response to the checkbox change. Works fine,
>> except there's really nothing to prevent someone from posting the url
>> from the hyperlink elsewhere and allowing people to download my file,
>> bypassing the license terms.
>>
>> Ideally, I'd like to have the same UI as I do now - a checkbox and an
>> asp:HyperLink - but have the download implemented in such a way that the
>> file can ONLY be accessed by clicking the link, as opposed to, say,
>> typing the link url directly into the address bar of IE.
>>
>> Can anyone out there suggest a good solution?
>>
>>
>> TIA.
>>

>



 
Reply With Quote
 
Gregory A. Beamer
Guest
Posts: n/a
 
      12-04-2008
To an extent, you are correct. I am sugesting a bit of an "outside the box"
solution that is quick and easy to implement.

What you do is make sure the download "page" can only be hit by an
authenticated user. You then "authenticate" them with the button click. You
can then set up this folder with a web.config that redirects the person to
the page with the accept if they try to hit it directly. The page sees them
unauthenticated and boom.

Now, if you already have a secured section, you will have to get into roles,
as any authenticated user can bypass. This might not be good and is
something I did not think through initially.

But, you can alter this pattern to look for something on the user's
"profile". Borrowing from an old ASP methodology, you can do something like
this for the "download" page:

Page_Load

if(Session["AcceptedDownload"])
{
//Set mime type
Response.ContentType = "{your type}";

//Get file here
//Stream file
}
else
{
//redirect to accept "page"
}

now, the accept page could actually be the same page, if you want to custom
build the page with code.

The benefit here is you can use a login section and still have the download
protected. It will require a bit more code and you will be storing the
information somewhere for acceptance (cookie, session, etc.).

Another option is to use something like Silverlight as your "download
manager". You then have full control over whether the user sees the download
link. The same can be done with ActiveX (although the install is a pain),
Flash, Java applets, etc.

These are just some ideas that can work for you.

--
Gregory A. Beamer
MVP: MCP: +I, SE, SD, DBA

Blog:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think Outside the Box! |
********************************************
"q" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> Gregory -
>
> Thanks for the response. Let me see if I understand correctly. I could
> make two pages with an identical UI, one protected and the other not. The
> public one wouldn't ever activate the hyperlink - it would stay disabled,
> and when the user checked the 'I agree' checkbox, he'd be redirected to
> the protected version of the page, where the link would be enabled. The
> download itself would also be protected under the same credentials.
>
> Is this what you're describing with the first option?
>
> re the second option: How would I implement this? Need more hints on this
> one, I'm afraid.
>
>
>
>
> "Gregory A. Beamer" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hve the file delivered through a web page and protect that web page by
>> login. Then "log" the user in only when they agree. Then if someone hits
>> the link directly, you can redirect them to the log in.
>>
>> Another option is an HTTP filter for download that requires credentials.
>>
>> --
>> Gregory A. Beamer
>> MVP: MCP: +I, SE, SD, DBA
>>
>> Blog:
>> http://feeds.feedburner.com/GregoryBeamer
>>
>> ********************************************
>> | Think Outside the Box! |
>> ********************************************
>> "q" <(E-Mail Removed)> wrote in message
>> news:%23WBh%(E-Mail Removed)...
>>> Hi, all -
>>>
>>> Sort of a noob question, I suppose...
>>>
>>> I have a file I want to make available for download from my site. I want
>>> to make sure people check a checkbox first, though, saying they agree to
>>> license terms. At the moment, I'm using an asp:HyperLink and
>>> enabling/disabling it in response to the checkbox change. Works fine,
>>> except there's really nothing to prevent someone from posting the url
>>> from the hyperlink elsewhere and allowing people to download my file,
>>> bypassing the license terms.
>>>
>>> Ideally, I'd like to have the same UI as I do now - a checkbox and an
>>> asp:HyperLink - but have the download implemented in such a way that the
>>> file can ONLY be accessed by clicking the link, as opposed to, say,
>>> typing the link url directly into the address bar of IE.
>>>
>>> Can anyone out there suggest a good solution?
>>>
>>>
>>> TIA.
>>>

>>

>
>


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Rotating my shield harmonics MCSE 16 06-13-2005 03:23 PM
Using Interfaces to shield of custom data objects ru Java 5 06-24-2004 07:20 PM
Install Shield Sarah Dunne Microsoft Certification 1 09-19-2003 10:59 AM
Ad Shield - searching blocked list Ima Goodlay Computer Support 2 09-11-2003 10:04 PM
Install Shield David Waz... ASP .Net 1 07-10-2003 07:52 AM



Advertisments