ASP.NET Tip: Control Access to a File Download

A developer, working on a Web application that allowed only registered members to access a file, recently asked me if there was any way to control how the file could be downloaded. He had to avoid using the "gray box" popup dialogs because the access was controlled via the application. The answer was yes, but the solution requires several steps.

The first step is to store the file in a folder that is not directly in the Web root but is still accessible to the Web site's user ID (IUSR_machinename, for instance). My hosting customers keep their Microsoft Access databases one level above their www folders. The Web site still has access to read and write the databases in the folder, but users can't simply download the files directly.

The coding part of this requires you to create an ASP.NET page that has no HTML component but contains a code-behind block like this one:

FileStream liveStream = new FileStream(localfilename, FileMode.Open,
                                       FileAccess.Read);

byte[] buffer = new byte[(int)liveStream.Length];
liveStream.Read(buffer, 0, (int)liveStream.Length);
liveStream.Close();

Response.Clear();
Response.ContentType = "application/octet-stream";
Response.AddHeader("Content-Length", buffer.Length.ToString());
Response.AddHeader("Content-Disposition", "attachment; filename=" +
                   originalFilename);
Response.BinaryWrite(buffer);
Response.End();

You can put this code in the OnLoad event, if you wish. The localfilename variable in the first statement is the path to the file on the server. The FileStream object (available in the System.IO library) gives you access to read a local file into the buffer that was created.

You then have to edit some information in the Response object so that the destination browser knows what to do. First, you clear the response and change the ContentType to the generic application/octet-stream. This typically causes the browser to display the Open/Save dialog. You then specify the length of the file and, if you have it, the original filename that you want to download. The example above stores the original file name in the database and changes the storage filename to one that is guaranteed to be unique.

Once you have the Response set up, you BinaryWrite your buffer to the user's browser, which causes the file to download. Once the user has downloaded the file, he or she is free to do whatever he or she wants to with it, but you at least can control access to the initial download of the file using this method.

About the Author

Eric Smith is the owner of Northstar Computer Systems, a Web-hosting company based in Indianapolis, Indiana. He is also a MCT and MCSD who has been developing with .NET since 2001. In addition, he has written or contributed to 12 books covering .NET, ASP, and Visual Basic. Send him your questions and feedback at questions@techniquescentral.com.



Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • On-demand Event Event Date: August 27, 2015 With the cloud enabling companies to spin up servers and stand up data stores more quickly, mobile apps can be created faster, reducing the time-to-value. But three major obstacles stand in the way for many organizations: The backlog of app project requests confronting every enterprise regardless of their internal app development capabilities Finding and employing better, faster tools to speed and simplify the process of developing those apps. The emergence of …

  • U.S. companies are desperately trying to recruit and hire skilled software engineers and developers, but there is simply not enough quality talent to go around. Tiempo Development is a nearshore software development company. Our headquarters are in AZ, but we are a pioneer and leader in outsourcing to Mexico, based on our three software development centers there. We have a proven process and we are experts at providing our customers with powerful solutions. We transform ideas into reality.

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date