If you want to keep a downloadable file private, so that only end users / customers with a username and password can get it, the usual suggestion is not to put the file in the web root directory, to change the IIS settings and to use Response.TransmitFile. That is a difficult task when you do not have access to the server.
If you have no access to the server and are only permitted to upload files under your web directory, here are some simple steps to restrict access to a file with a username and password.
Say the file myfile.zip is to be downloaded after a username/password validation.
Step 1: Rename myfile.zip to myfile.config.
Step 2: Create a page to enter username and password.
Step 3: If the username and password are valid, use the code below to transfer the file.
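    if (isValidUser)
    {
        // Discard anything already buffered for this response.
        Response.Clear();
        // The stored file is a zip archive, so send the zip MIME type.
        Response.ContentType = @"application/zip";
        // Offer the download under its original name, not the .config name.
        Response.AppendHeader(@"Content-Disposition", "attachment; filename=myfile.zip");
        // Stream the renamed file from the web directory.
        Response.TransmitFile(@"myfile.config");
        Response.End();
    }
    else
    {
        // Invalid username/password: nothing is sent.
    }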
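A fuller version of Step 3 as a generic handler, added here as an example and not the article's own code. It assumes the Step 2 login page uses forms authentication; the handler name DownloadHandler, the id query parameter and the "setup" key are made up for illustration. The request only picks an id from a fixed list, so it can never name web.config or another .config file.

```csharp
// DownloadHandler.ashx.cs -- added example, not the article's code.
using System;
using System.Collections.Generic;
using System.Web;

public class DownloadHandler : IHttpHandler
{
    // Allow-list: public id -> { stored name on disk, name shown to the user }.
    // The id "setup" is constructed for illustration.
    private static readonly Dictionary<string, string[]> Files =
        new Dictionary<string, string[]>(StringComparer.Ordinal)
        {
            { "setup", new[] { "myfile.config", "myfile.zip" } }
        };

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpResponse response = context.Response;

        // Assumption: the login page from Step 2 signed the user in with
        // forms authentication, so context.User is populated here.
        bool isValidUser = context.User != null
            && context.User.Identity.IsAuthenticated;
        if (!isValidUser)
        {
            response.StatusCode = 403;   // not logged in: send nothing
            return;
        }

        // Only an id comes from the request; it is looked up, never used
        // as part of a path.
        string id = context.Request.QueryString["id"];
        string[] entry;
        if (id == null || !Files.TryGetValue(id, out entry))
        {
            response.StatusCode = 404;   // unknown id
            return;
        }

        response.Clear();
        response.ContentType = "application/zip";
        response.AppendHeader("Content-Disposition",
            "attachment; filename=" + entry[1]);
        response.TransmitFile(context.Server.MapPath("~/" + entry[0]));
    }
}
```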
No server access is required to implement this trick. The only trick here is that ASP.NET will not allow access to files with the extension .config, so a direct request for myfile.config is refused.
You are done.
Any suggestions are highly appreciated.