Click here to Skip to main content
16,017,788 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi All,

good day.

I have a web application make the users to download files

i am using this code

Response.Redirect("http://xxx/xx.zip")

but the file "xx.zip" have a security, so we need to enter username and password and the internet explorer ask for username and password as well

but I need to pass the username and password with link because I did not need the user to enter the username and password


XML
I need to redirect to file but the internet explorer will ask the user for username and password and I do not need that, I need when the user click on the link then the download begin without asking for username and password

Please note that the file have NTFS security



Please advise.

Regards,

Ahmed Elaraby
Posted
Updated 2-Aug-10 13:23pm
v4
Comments
AspDotNetDev 2-Aug-10 20:19pm    
I'm not really sure what NTFS security is or how it relates to securing files per-user on a website, but you may want to look into active directory to automatically log users in. Or, you could make the query string store the username/password (which Yusuf advises against, but which may be fine if that username/password is not used for anything but to access that single file).

Have the user enter the username/password in some textboxes, store that information in the session state, redirect to a page that is capable of serving up the zip file, then have that page check the session to ensure the proper username/password exists. The URL you redirect to would look something like this:
http://www.yoursite.com/getfile.aspx?filename=xx.zip

You could even have that page ask the user for their username/password in the event that they aren't found in the session state.
 
Share this answer
 
Comments
Simon_Whale 3-Aug-10 18:08pm    
Reason for my vote of 5
sound advice i'd do it this way too
Adding the username and password to the link is bad, very very bad. Besides huge security issue. Consider this, if someone accidentally emails the link to other people, now every one has the original mailers username/password.

Consider this, allow the user to enter username and password through form (for example). Once the user is authenticated, create some kind of key and use that key to validate the username/password on the link and allow/disallow download.
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900