
Protect files for download

27 Nov 2007
Keep your uploaded files secure by preventing downloads by users who have the full path.

Introduction

Sometimes you need to allow files to be downloaded only when a user is logged in to your web application. But if a user knows the full URL, they can download your files directly. This article will help you protect files in a folder inside your web application.

Screenshot - errordownload.jpg
(FIGURE 1)

Background

The goal is to let your users upload files but not download them directly from a full URL like this:

http://localhost/Development/upload/uploads/document.pdf

1. First you need to create your web application

2. Create a folder to hold the uploaded files; in my case I will use UPLOADS

3. In IIS go to your application, and select the UPLOADS folder

4. Right click and select properties

5. Select the Directory tab and make sure that ONLY Write access is allowed. This step will allow you to upload files to this folder.

Screenshot - iisconfig.jpg

If a user tries to get the file by entering the full URL, they will get an error because Read access is not granted on the folder (see Figure 1).

6. Insert a LinkButton or a Button (or whatever control you want to trigger the download)

7. In web.config, insert the following (if you don't want to hardcode the directory):

<appSettings>
    <add key="uploadDirectory" value="uploads" />
</appSettings>

8. Then you just have to write the download function (see the Using the code section).

Using the code


' At the top of the code-behind file
Imports System.IO

Private Sub LinkButton1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles LinkButton1.Click
    downloadfile("document.pdf")
End Sub


' This is the function that you have to use
Private Function downloadfile(ByVal strFile As String) As Boolean
    ' This is the important part, because you are going to use the local path
    ' to get the file
    Dim strPath As String = Me.Server.MapPath(System.Configuration.ConfigurationSettings.AppSettings("uploadDirectory")) & "\"
    ' Keep only the file name, so a value such as "..\web.config" cannot leave the upload folder
    Dim strFileName As String = Path.GetFileName(strFile)
    ' Read the whole file into memory with read-only access.
    ' (The original Dim bytBytes(fs.Length) allocated one byte too many,
    ' because VB array bounds are inclusive.)
    Dim bytBytes() As Byte = File.ReadAllBytes(strPath & strFileName)
    Response.AddHeader("Content-disposition", "attachment; filename=" & strFileName)
    Response.ContentType = "application/octet-stream"
    Response.BinaryWrite(bytBytes)
    Response.End()
    Return True
End Function

I tested this function with a file size of 300 MB and it works fine, but with a file of 650 MB we have some problems (memory problems).

If all works fine, you should see this screen:

Screenshot - downloadFile.jpg
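
A hardened variant of the download function, added here as an example (it is not the article's original code): it checks that the user is logged in, confines the requested name to the upload folder, and streams the file instead of loading it into memory. The names SafeDownload, ResolveUpload and SendUpload are hypothetical, and the login check assumes Forms or Windows authentication is configured for the site.

```vb
Imports System
Imports System.IO
Imports System.Web

' Added example (not the article's code). Module and method names are hypothetical.
Public Module SafeDownload

    ' Maps a requested name to a file directly inside uploadRoot.
    ' Returns Nothing if the name is empty, has path parts, or escapes the folder.
    Public Function ResolveUpload(ByVal uploadRoot As String, ByVal requested As String) As String
        If String.IsNullOrEmpty(requested) Then Return Nothing
        ' Rejects "\", "/", ":", quotes and control characters, so names such as
        ' "..\web.config" or "C:\boot.ini" fail here and the name is header-safe.
        If requested.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0 Then Return Nothing
        Dim root As String = Path.GetFullPath(uploadRoot).TrimEnd("\"c) & "\"
        Dim full As String = Path.GetFullPath(Path.Combine(root, requested))
        ' Catches "." and "..", which contain no invalid characters.
        If Not full.StartsWith(root, StringComparison.OrdinalIgnoreCase) Then Return Nothing
        Return full
    End Function

    ' Sends the file only to a logged-in user, without loading it into memory.
    Public Sub SendUpload(ByVal ctx As HttpContext, ByVal uploadRoot As String, ByVal requested As String)
        ' Assumption: Forms or Windows authentication is configured for the site.
        If Not ctx.Request.IsAuthenticated Then
            ctx.Response.StatusCode = 401
            Return
        End If
        Dim full As String = ResolveUpload(uploadRoot, requested)
        If full Is Nothing OrElse Not File.Exists(full) Then
            ctx.Response.StatusCode = 404
            Return
        End If
        ctx.Response.ContentType = "application/octet-stream"
        ctx.Response.AddHeader("Content-Disposition", _
            "attachment; filename=""" & Path.GetFileName(full) & """")
        ' TransmitFile writes the file to the response without buffering it in memory.
        ctx.Response.TransmitFile(full)
    End Sub
End Module

' Usage from the page's click handler (folder name taken from the uploadDirectory setting):
'   SafeDownload.SendUpload(Me.Context, Me.Server.MapPath("uploads"), "document.pdf")
```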

Points of Interest

To upload files to your site, follow this link; this is another function that I made before
and that can help... (cruzagr3 source code)

http://www.soloasp.com.ar/vermensaje2.asp?idmensaje=23643&idforo=3

History

I will be adding another thing soon...

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.
