Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

Limit Access Rights to download a file in ASP.NET

0.00/5 (No votes)
22 Feb 2010 1  
If you want to keep a downloadable file private to end users / customers with their username and password, everyone suggests not to put the file in the web root directory, and gives you a suggestion to change IIS settings and use Response.TransmitFile. When you are not having access to the...
If you want to keep a downloadable file private to end users / customers with their username and password, everyone suggests not to put the file in the web root directory, and gives you a suggestion to change IIS settings and use Response.TransmitFile. When you are not having access to the server, then it will be a difficult task for you.

Where you are not having access to the server and you are permitted to upload files under your web directory only, here are some simple steps for you to restrict access to files with username and password.

Say file myfile.zip is to be downloaded with a usersname/password validation.

Step 1: Rename myfile.zip with myfile.config.
Step 2: Create a page to enter username and password.
Step 3: If username and password are valid, then use the below code to transfer the file.

if (isValidUser)
{
    Response.Clear();
    Response.ContentType = @"application/setup";
    Response.AppendHeader(@"Content-Disposition", ("attachment; filename=myfile.zip"));
    Response.TransmitFile(@"myfile.config");
    Response.End();
}
else
{
    // prompt the web user with some message of access privileges
}



No server access is required to implement this trick. The only workaround in this is that ASP.NET will not allow access to files with extension .config.

You are done.
Any suggestions are highly appreciated.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here