Prevent users from downloading a file using "direct targeting" URLs?

Question

Hi!
Well I have always wondered how this is done...how do you actually prevent a user from beeing able to download a file by directly targeting the URL to the file in the adressbar?
Lets for instance say we have the file "File.zip" and its placed in the root directory for a domain called myfiles.com...if we just put the "File.zip"-file directly in the very root, then we would be able to type www.myfiles.com/File.zip and then we would be able to download the file...but how do I prevent that?..is there a way?..cause maybe I just want special users to be able to download that file..
To put it in a more realistic case....lets say we actually have created the above site, but in this case you can actually buy the file "File.zip"...then you only want customers to be able to download it who are register users and preventing people from simply typeing the URL..

Any ideas about how to prevent this?

Thanks in advance!

Dipa Ahuja · Answer

hi.. dont use url for file download.. its easy for users to download.. if you want that only logged in users can download it then... for ex. take two pages default1, default2 suppose default1 contains one button say : .cs protected void Button1_Click(object sender, EventArgs e) { Response.Redirect("Default2.aspx?file=" + " File.zip "); } Default2.aspx .cs protected void Page_Load(object sender, EventArgs e) { //Here Write the code for logged in user if the user is not logged in then redirect the page to login.aspx string strRequest = Request.QueryString["file"]; if (strRequest != "") { //get absolute path of the file // the file is passed like a web address /images/myimage.jpg string path = Server.MapPath(strRequest); //get file object as FileInfo System.IO.FileInfo file = new System.IO.FileInfo(path); //-- if the file exists on the server if (file.Exists) //set appropriate headers { Response.Clear(); Response.AddHeader("Content-Disposition", "attachment; filename=" + file.Name); Response.AddHeader("Content-Length", file.Length.ToString()); Response.ContentType = "application/octet-stream"; // write file to browser Response.WriteFile(file.FullName); Response.End(); } else { // if file does not exist Response.Write("This file does not exist."); } } else { //nothing in the URL as HTTP GET Response.Write("Please provide a file to download."); } } If this help you then please mark my answer

Satyapriya Nayak · Answer

Thanks Diya mam ,very good answer.

Sam Hobbs · Answer

I assume there are many ways to do that but one way might be to not put the file anywhere that can be accessed directly by putting the file in the address bar. Instead make a page that only authorized people can use to download the file from someplace that only that page can be used to download it.

Prevent users from downloading a file using "direct targeting" URLs?

Amit Gupta