Simple download protection for files and document using ASP.NET / C#

Posted in .NET 2.0 | Authentication | Security at Monday, December 24, 2007 2:36 PM UTC
Really really simple. Feel free to write your own custom authentication method to fit your project context.

This is download.aspx:

<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="download.aspx.cs" Inherits="download" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Download Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    
    </div>
    </form>
</body>
</html>
and this is the code behind that file:
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class download : System.Web.UI.Page 
{

    /// 
    /// Show error to user and close response object.
    /// 
    /// 
    private void WriteError(string error) {
        Response.Write(error);
        Response.End();
    }

    /// 
    /// Check authentication ticket
    /// 
    /// 
    private bool Authenticated() {
        //whatever is a session ticket, membership provider base, container in a coded URL querystring parameters, etc..
        return true;    
    }

    private string GetRepositoryFolder() {
        System.Configuration.AppSettingsReader r = new AppSettingsReader();
        return r.GetValue("RepositoryFolder", typeof(string)).ToString();                
    }


    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Authenticated()){
            WriteError("You are not allowed to download this file");
            return;
        }
        else if (Request.QueryString["id"] == null)
        {
            WriteError("Missing parameter : id");
            return;
        }       
        
        string filePath = System.IO.Path.Combine(GetRepositoryFolder(),Request.QueryString["id"]);
        System.IO.FileInfo file = new System.IO.FileInfo(filePath);
        if (!file.Exists)
        {
            WriteError("File doesn't exists");
            return;
        }
        else {
            Response.Clear();
            Response.AddHeader("Content-Disposition", "attachment; filename=" + file.Name);
            Response.AddHeader("Content-Length", file.Length.ToString());
            Response.ContentType = "application/octet-stream";
            Response.WriteFile(file.FullName);
            Response.End();
        }        
    }
}
If successfully authenticated, you will be able to directly download the file:


If not, you will get an error message:

You are not allowed to download this file

kick it on DotNetKicks.com AddThis Social Bookmark Button

Yeap, the sponsors! :-)

On this page...

Simple download protection for files and document using ASP.NET / C#

Tags

.NET 2.0 (7) .NET 3.5 (1) .NET quirks (1) .NET UI Controls (2) app.config (1) ASP.NET (2) Authentication (1) dasBlog (1) DataGridView (1) Google API (1) MVC (1) Performance (3) Productivity (1) RAM disk (1) Section Handlers (1) Security (1) Serialization (1) Visual Studio 2005 (4) YouTube (1)

Calendar

<March 2010>
SunMonTueWedThuFriSat
28123456
78910111213
14151617181920
21222324252627
28293031123
45678910
Posts in timeline

Navigation

AJAX Photo Gallery
2earth.org

Archives

March, 2009 (1)
February, 2009 (1)
January, 2009 (2)
December, 2008 (2)
December, 2007 (4)
October, 2007 (1)
July, 2005 (1)

Recommended .NET blogs

 ADO.NET team blog
 DotNetKicks.com
 Harry Pierson
 Scott Hanselman
 ScottGu's Blog

The author

Iván Loire
Iván Loire (Zaragoza, Spain)

View Ivan Loire's profile on LinkedIn
Microsoft Certified Trainer
Send mail to the author(s) E-mail

Syndication

Feed Icon