Initiate Masked File Download

[Guest]

I am developming a web application in ASP.NET (VB) and am looking to develop
functionality where a user clicks on a link to download a file but at no
point can the user see the actual URL link to the file.

When the file is originally uploaded to the webserver it will be given a
unique random filename and the link to the file + description sill be stored
in sql server.

Basically the system must be secure so that a user MUST go through the
asp.net application to download the file and at no point should a user be
able to guess a URL to initiate a file download or access the file via the
history of the browser.

The system must also be X browser compatible.

I have a few ideas on how to do this already but I would appreciate feedback
and ideas from other developers who have had experience with this particular
issue.


Thanks

 

[Cowboy \(Gregory A. Beamer\)]

All you need is an "engine" page that provides the download. IT will have to
change MIME types to the proper type for the file and serve the binary
stream. As long as the files are not too large, everything should be fine.
If you are dealing with very large files, they may fail to download due to
timeouts.

 

[Steven Cheng[MSFT]]

Thanks for Gregory's input.

Hi Jwf,

As Gregory has mentioned, you can create an ASP.NET page which just will
take some querystring parameter(to indicate the parameter for locate the
file in database or disk), and then use the System.IO's code to read the
file content and flush it into page's response stream. Also, you need to
add some http headers to let the client browser prompt user for file
download.

For example:

=====================
protected void Page_Load(object sender, EventArgs e)
{
Response.Clear();
Response.ClearHeaders();

Response.ContentType = "application/octet-stream";

string path = "d:\\fileroot\\" + Request.QueryString["fn"];

Response.WriteFile(path);

Response.End();
}
=======================

You can even add access control checking against the page so that only
limited users and access it. Here are some web articles also discussing on
this:


#ASP.NET Tip: Control Access to a File Download
http://www.codeguru.com/cpp/i-n/internet/filetransfer/article.php/c12529/


#How To Write Binary Files to the Browser Using ASP.NET and Visual C# .NET
http://support.microsoft.com/kb/306654/en-us


Hope this helps also.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.