Geek asks and answers

Prevention of direct access, but permission to download files from one page

I am developing a site on which there are several files that I want to download only if users have sufficient access to my conditions.

In principle, I have a page on which there is a download link, but the download link will be displayed and activated only if the user has the correct roles and they are associated with the correct properties in my database.

The problem I am facing is that I don’t want users to be able to access the file directly, for example, if they went to www.mysite.com/downloads/myfile.pdf - I don’t want them to be able to get the file, although I want to be able to allow them to download it as soon as they are logged in, and I verified that they are following my own rules and regulations.

I was going to do it like this, but I believe that with deactivated permissions I cannot do it.

System.IO.FileInfo file = new System.IO.FileInfo(path);
Response.Clear();
Response.AddHeader("Content-Disposition", "attachment; filename=" + file.Name);
Response.AddHeader("Content-Length", file.Length.ToString());
Response.ContentType = "application/octet-stream";
Response.WriteFile(file.FullName);
Response.End();

Is it possible to achieve my goals? Hope I have explained enough.

thank

+3
source share
3 answers

I am sure that you are on the right track.

Here is a simple example:

Response.ContentType = "text/txt";
Response.AppendHeader("Content-Disposition", "attachment; filename=" + "file.txt");
Response.Write(file.ToString());
Response.End();

---- EDIT ---- There are other good samples:

http://www.dotnetscraps.com/dotnetscraps/post/4-ways-to-send-a-PDF-file-to-the-IE-Client-in-ASPNET-20.aspx

<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
    protected void Button1_Click(object sender, EventArgs e)
    {
        Response.ContentType = "application/pdf";
        Response.Clear();
        Response.TransmitFile("UML.pdf");
        Response.End();
    }
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
    <title>Way 1</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Send PDF" /><br />
        <br />
        This page will refresh itself with a PDF file opened in the same instance of IE itself. 
        Users will not get prompted to Save/Open/Cancel the PDF file.</div>
    </form>
</body>
</html>
+2

. , HTTP-.

, ( - "downloads" ), web.config. HTTP- , , . , , -.

Microsoft:

" HTTP-: Security. , HTTP- - XML ."

- . - -, , . , , .

+2

If you allow anonymity, the user is a guest, and ASP.NET runs under its own permissions. This page shows the minimum permissions. This way, ASP.NET can access the file and server. I have a page that passes the file id and returns the file. But I use

Response.TransmitFile(filePath);

Aspmermations

0
source

More articles:


All Articles