Click here to Skip to main content
15,885,244 members
Search within:


Articles / Web Development / ASP.NET
 
Article

Protect files for download

Rate me:
Please Sign up or sign in to vote.
3.00/5 (6 votes)
27 Nov 20072 min read 58.5K   41   5
keep your uploaded files secury, preventing download from users that have the full path

Introduction

Maybe sometimes you need to protect files for download just is a user is Loged in your web application. But if some user know the full url they can download your files. This article will help you to protect files in a folder inside your web application

Screenshot - errordownload.jpg
(FIGURE 1)

Background

Just let your user upload files but not download directly from a full URL like this

http://localhost/Development/upload/uploads/document.pdf

1. First you need to create your web application

2. Create a folder where you want to upload files in my case I will user UPLOADS
3. In IIS go to your application, and select the UPLOADS folder

4. Right click and select properties

5. Select directory tab, be sure to select ONLY allow Write access. This step will allow you to upload files to this folder.

Screenshot - iisconfig.jpg

Is some user what to get the file entering the full URL, they will have an error (see figure 1)

6. Insert a Link Button or a button (or whatever you want throw the download)

7. In the web.config insert the following (if you don't want to let hardcode the directory) 

<appSettings>
    <add key="uploadDirectory" value="uploads" />
</appSettings>

8. Then, you just have to write the function for download. (see using the code section)

Using the code

A brief description of how to use the article or code. The class names, the methods and properties, any tricks or tips.

Blocks of code should be set as style "Formatted" like this:

ASP.NET
Private Sub LinkButton1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles LinkButton1.Click
    downloadfile("document.pdf") '
End Sub


'This is the function that you have to use
Private Function downloadfile(ByVal strFile As String)
    Dim fs As FileStream
    Dim strContentType As String
    ' This is the important part, because you going to use the local path 
    'to get the file
    Dim strPath = Me.Server.MapPath(System.Configuration.ConfigurationSettings.AppSettings("uploadDirectory")) & "\"
    Dim strFileName As String = strFile
    fs = File.Open(strPath & strFileName, FileMode.Open)
    Dim bytBytes(fs.Length) As Byte
    fs.Read(bytBytes, 0, fs.Length)
    fs.Close()
    Response.AddHeader("Content-disposition","attachment; filename=" & strFileName)
    Response.ContentType = "application/octet-stream"
    Response.BinaryWrite(bytBytes)
    Response.End()
    Return True
End Function

I tested this function with a file size of 300 MB and works fine!, but with a file of 650 MB we have some problems (memory problems).

If all works file you have to see this screen

Screenshot - downloadFile.jpg

Points of Interest

For Upload files to your site follow this links, this is another function that I made before
and can help... (cruzagr3 source code)

http://www.soloasp.com.ar/vermensaje2.asp?idmensaje=23643&idforo=3

History

I will be adding another thing soon...

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


Written By
cruzagr3 networks
Web Developer
El Salvador El Salvador
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.

Comments and Discussions

 
First Prev Next
GeneralBy default ASP.Net allows upload for file smaller than 4MB Pin
petersgyoung9-Dec-07 14:44
petersgyoung9-Dec-07 14:44 
GeneralMemory Solution and Caveat Pin
TrendyTim9-Dec-07 12:37
TrendyTim9-Dec-07 12:37 
The problem is you are loading the entire file into memory before sending it.

If you load it in 2k chunks, transmit and flush it you should be able to send 20gig files without a problem (you can also throw in a Thread.sleep to limit max speed). Alternately you can use the Response.TransmitFile() method.

The only real problem with any of these methods is by default ASP.Net only processes 20 page requests at once so if you have 20 people using this download page your site will not respond until a request thread frees up.

In IIS7 things will hopefully be much better, with the ability to handle file requests without having to assign the file type to asp.net so we should (hopefully) be able to reject the request or let IIS send the file instead of ASP.Net.
Generalblow up memory for large files Pin
Huisheng Chen27-Nov-07 22:00
Huisheng Chen27-Nov-07 22:00 
Generalthanks. Pin
Michael Sync27-Nov-07 19:11
Michael Sync27-Nov-07 19:11 
GeneralUse Third Party Pin
adnanrafiq27-Nov-07 23:47
adnanrafiq27-Nov-07 23:47 
Last Visit: 31-Dec-99 18:00     Last Update: 24-Apr-24 15:38Refresh1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 27 Nov 2007

Article Copyright 2007 by cruzagr3 networks
Everything else Copyright © CodeProject, 1999-2024

Web04 2.8:2024-04-02:1