Download Security

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

jigar_a_pandya@hotmail.com - 03 Oct 2005 12:16 GMT

WHAT SHOULD I DO IF I WANT TO AUTHENTICATE THE DOWNLODING USER?

I AM USING ASP.NET AND C# TO CREATE MY WEBPAGES.

THE SCENARIO IS SOME WHAT LIKE THIS...

1)
FROM MY SITE IF SOME ONE IS DOWNLADING HE MUST HAVE CLICK ON REFRENCE
LINK.
EXAMPLE :-
IF MY SITE IS HAVING
URL:-<A HREF"HTTP://MTWEB/MYSOFTWARE.MIS>CLICK HERE TO DONLOAD<A> AND
HE CLICK AND THEN DOWNLOAD.

<<ALLOWED>>

BUT

2)WRITE THE LINK HTTP://MTWEB/MYSOFTWARE.MIS IN BROWSER OR ANY OTHER
APPLICATION THAN IT SHOULD NOT ALLOW.

<<NOT ALLOWED>>

THANKS IN ADVANCE.

Reply to this Message

Jas - 05 Oct 2005 19:11 GMT

I can think of two fairly simple ways:

1. You can check to see what the referrer field is in the header of the HTTP
request. (can be easily faked)
2. You can put something in the session object once they hit the page where
the link is provided. And on the page where you download the actual file
ensure that the user has that certain something in their session object.

jas

> WHAT SHOULD I DO IF I WANT TO AUTHENTICATE THE DOWNLODING USER?
>
[quoted text clipped - 20 lines]
>
> THANKS IN ADVANCE.

Reply to this Message

Nicole Calinoiu - 07 Oct 2005 14:26 GMT

Exactly which of the two following scenarios are you trying to prevent:

1. Download of the file by someone who has not viewed your page, or
2. Download of the file by an unauthenticated and/or unauthorized user?

> WHAT SHOULD I DO IF I WANT TO AUTHENTICATE THE DOWNLODING USER?
>
[quoted text clipped - 20 lines]
>
> THANKS IN ADVANCE.

Reply to this Message

Download Security

Free Magazines