How to protect downloadable files

  • Thread starter Thread starter Alan Silver
  • Start date Start date
A

Alan Silver

Hello,

I am writing a site where people can buy ebooks. I want to have a system
whereby they can download the file(s) once they have paid, but
(obviously) not before. I also want some sort of protection to stop
people simply posting the download link around the 'net and have every
Thomas, Richard and Harold grabbing them!

Any suggestions for this?

I was contemplating using URL rewriting to provide a temporary link that
contained the date encoded, and have it only work for (say) 24 hours
after they pay. If they want it after that, they have to ask me
manually. That should deter people who haven't paid. I'm not sure how
good a system this is though.

Bear in mind that I'm not going to drive myself mad over this. I can't
stop people simply distributing the ebooks themselves, so it's not worth
expending huge efforts on protecting the download. Having said that, I
want something that will deter petty thieves.

Any suggestions welcome. TIA
Alan
 
The easiest way is to create Download.aspx page

which will evaluate the criteria (like if user logged in and has permission
to download this book ) and then redirect to error.aspx if criteria failed
or if success use Response.WriteFile to output file.

PS: You will need to add folowing code

Response.Buffer = false
Response.AddHeader "Content-Disposition","attachment; filename=myebook.pdf"

So users will be prompted to save file myebook.pdf

George.
 
in Computer management console ->default website select properties of your
website:
select the directory tab
click the configuration button and make a new entry for the file extensoin
you want to be handled by ASP.NET
 
Thanks to everyone who replied. So far, it sounds like you are all
suggesting basically what I had in mind, so I'll carry on with that
idea.

Thanks

George Ter-Saakov said:
The easiest way is to create Download.aspx page

which will evaluate the criteria (like if user logged in and has permission
to download this book ) and then redirect to error.aspx if criteria failed
or if success use Response.WriteFile to output file.

PS: You will need to add folowing code

Response.Buffer = false
Response.AddHeader "Content-Disposition","attachment; filename=myebook.pdf"

So users will be prompted to save file myebook.pdf

George.
 
Back
Top