Protect files for download

27 Nov 2007, 2 min read
Keep your uploaded files secure by preventing downloads by users who have the full path

Introduction

Sometimes you need to allow files to be downloaded only when a user is logged in to your web application. But if a user knows the full URL, they can download your files directly. This article will help you protect files in a folder inside your web application.

Screenshot - errordownload.jpg
(FIGURE 1)

Background

Let your users upload files, but do not let them download directly from a full URL like this:

http://localhost/Development/upload/uploads/document.pdf

1. First you need to create your web application

2. Create a folder where you want to upload files; in my case I will use UPLOADS
3. In IIS go to your application, and select the UPLOADS folder

4. Right-click and select Properties

5. Select the Directory tab and be sure to allow ONLY Write access. This step will allow you to upload files to this folder.

Screenshot - iisconfig.jpg

If a user tries to get the file by entering the full URL, they will get an error (see Figure 1).

6. Insert a LinkButton or a Button (or whatever control you want to trigger the download)

7. In web.config insert the following (if you don't want to hardcode the directory)

<appSettings>
    <add key="uploadDirectory" value="uploads" />
</appSettings>

8. Then you just have to write the download function (see the Using the code section).

Using the code

' Requires "Imports System.IO" at the top of the code-behind file
Private Sub LinkButton1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles LinkButton1.Click
    downloadfile("document.pdf")
End Sub


' This is the function that you have to use
Private Function downloadfile(ByVal strFile As String) As Boolean
    ' This is the important part, because you are going to use the local path
    ' to get the file
    Dim strPath As String = Me.Server.MapPath(System.Configuration.ConfigurationSettings.AppSettings("uploadDirectory")) & "\"
    ' Keep only the file-name part, so a value containing "..\" cannot point outside the upload folder
    Dim strFileName As String = Path.GetFileName(strFile)
    ' Open read-only; the whole file is buffered in memory before it is sent
    Dim fs As FileStream = File.Open(strPath & strFileName, FileMode.Open, FileAccess.Read, FileShare.Read)
    ' VB arrays are declared by upper bound, so Length - 1 gives exactly Length bytes
    Dim bytBytes(CInt(fs.Length) - 1) As Byte
    Try
        fs.Read(bytBytes, 0, bytBytes.Length)
    Finally
        fs.Close()
    End Try
    Response.AddHeader("Content-disposition", "attachment; filename=" & strFileName)
    Response.ContentType = "application/octet-stream"
    Response.BinaryWrite(bytBytes)
    Response.End()
    Return True
End Function

I tested this function with a file size of 300 MB and it works fine, but with a file of 650 MB we have some problems (memory problems).

If all works fine, you should see this screen:

Screenshot - downloadFile.jpg
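
A hardened variant of the download step, added here as an example and not part of the original article: it refuses requests from users who are not signed in, accepts only a bare file name that resolves inside the upload folder, and sends the file with Response.TransmitFile instead of buffering it in memory. The handler class name ProtectedDownload, the "file" query parameter and the 400/403/404 responses are assumptions; it also assumes ASP.NET authentication is configured and that the folder named by uploadDirectory sits under the application root.

```vbnet
Imports System
Imports System.Configuration
Imports System.IO
Imports System.Web

' Added example (not the article's code). Hypothetical handler, e.g. Download.ashx?file=document.pdf
Public Class ProtectedDownload
    Implements IHttpHandler

    Public ReadOnly Property IsReusable() As Boolean Implements IHttpHandler.IsReusable
        Get
            Return True
        End Get
    End Property

    Public Sub ProcessRequest(ByVal context As HttpContext) Implements IHttpHandler.ProcessRequest
        ' 1. Only signed-in users may download (assumes ASP.NET authentication is configured).
        If Not context.Request.IsAuthenticated Then
            context.Response.StatusCode = 403
            Return
        End If

        ' 2. Accept a bare file name only: path separators, drive colons, quotes and
        '    control characters are all invalid file-name characters and are refused.
        Dim name As String = context.Request.QueryString("file")
        If String.IsNullOrEmpty(name) OrElse name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0 Then
            context.Response.StatusCode = 400
            Return
        End If

        ' 3. Resolve against the configured upload folder and confirm the result is still inside it.
        Dim root As String = Path.GetFullPath(context.Server.MapPath( _
            "~/" & ConfigurationManager.AppSettings("uploadDirectory"))).TrimEnd("\"c)
        Dim full As String = Path.GetFullPath(Path.Combine(root, name))
        If Not full.StartsWith(root & "\", StringComparison.OrdinalIgnoreCase) _
           OrElse Not File.Exists(full) Then
            context.Response.StatusCode = 404
            Return
        End If

        ' 4. Stream from disk; TransmitFile does not buffer the whole file in memory.
        context.Response.ContentType = "application/octet-stream"
        context.Response.AddHeader("Content-Disposition", "attachment; filename=""" & name & """")
        context.Response.TransmitFile(full)
    End Sub
End Class
```

Names such as ".." or "." pass the character check but fail the containment check in step 3, so they end in a 404 rather than a file read.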

Points of Interest

To upload files to your site, follow this link; this is another function that I made before
and that can help... (cruzagr3 source code)

http://www.soloasp.com.ar/vermensaje2.asp?idmensaje=23643&idforo=3

History

I will be adding another thing soon...

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.


Written By
Web Developer
El Salvador

Comments and Discussions

 
By default ASP.Net allows upload for file smaller than 4MB
petersgyoung, 9-Dec-07 14:44

Memory Solution and Caveat
TrendyTim, 9-Dec-07 12:37

blow up memory for large files
Huisheng Chen, 27-Nov-07 22:00

thanks.
Michael Sync, 27-Nov-07 19:11

Use Third Party
adnanrafiq, 27-Nov-07 23:47
I encountered the same problem weeks ago. After research I found that, for best security of static files in IIS 6.0, one should rely on "HotLinkBlocker", which provides better performance, with no memory usage, just like simple file browsing in IIS. One should go for solutions available in ASP.NET, like httpHandlers, or httpModules, or streaming files in memory then sending to client; these are 3 possible solutions in .NET, but all get stuck on bigger files. For example, if a user needs to browse a file by clicking a link, he wants to see the first page immediately, but in the streaming case the file gets downloaded first and then he can see the first page, which is not good.
The good solution in IIS, I think, is an httphandler: registering the extension in IIS, and intercepting requests to that extension in the .NET runtime, perform security checks, then go for it, and use Response.TransmitFile, which provides best performance, with no memory usage.
But again, for large files, with security, and so the user can see the file immediately, use HotLinkBlocker, which installs over IIS 6.0, and generates a unique key and includes it in the path of the file..... thanks, adnan

Many Thanks,
Adnan Rafiq
muhammadadnanrafiq@gmail.com
