none
preventing downloads through URL RRS feed

  • Question

  • Hello,

    I'm not sure where this goes so I'm posting it here. Sorry if this is wrong.

    I have a website at http://www.mm-theory.com. On that website is a PDF you can download:

    http://www.mm-theory.com/The%20Nuts%20and%20Bolts%20of%20Consciousness%20-%20Volume%20I.pdf

    It is meant to be downloaded through paypal from the buy page: http://www.mm-theory.com/buy.aspx

    But since it's available through the URL, anyone can bypass paypal and download it directly.

    How do I prevent this? I wish to block people from downloading through the ULR but still allow for downloads if it is paid for through paypal. How can this be done?

    I am running IIS 6.0.

    Thanks.

    Sunday, July 10, 2016 4:36 PM

Answers

  • Greetings Gib,

    Sorry for being relative short; the point would be to stream the file from another non-public location...
    Or to make it more to the point; "http://www.mm-theory.com/GetBook.aspx" would check the session-guide, then decided which book from "D:/library" it should stream towards the user.
    Just grand the IIS account read-privileges on the appropriate drive.

    Response.Clear();
    Response.ContentType = "application/pdf";
    Response.AppendHeader("Content-Disposition", "attachment; filename=foo.pdf");
    Response.TransmitFile("D:/Library/foo.pdf");
    Response.End(); 

    But to implement it behind Paypal without an login, will be tricky.
    Paypal is not instant and so you can't really decided when to grant users access.

    But let's for the conversation assume paypal is a direct payment;
    Then depending on the outcome of the session, set a flag in the session and redirect them to the download page.
    There check the flag, and change the content to stream the PDF.

    Secondly, send an email with a random guid that identifies that 'user' so he can return in a later time by clicking the email link.

    with kind regards,

    Sebastian

    Tuesday, July 12, 2016 6:33 AM

All replies

  • Greetings Gib,

    The easiest way is to create a standard page; that first checks if the user is logged in...
    then change the content to  "application/pdf" (will allow open in browser).
    And then stream the file towards the client.

    Sebastian

    Sunday, July 10, 2016 5:13 PM
  • Greetings Gib,

    The easiest way is to create a standard page; that first checks if the user is logged in...
    then change the content to  "application/pdf" (will allow open in browser).
    And then stream the file towards the client.

    Sebastian

    Thanks for your suggestion Sebastian, but I'm not sure how that will help. The user can still go to http://www.mm-theory.com/The%20Nuts%20and%20Bolts%20of%20Consciousness%20-%20Volume%20I.pdf

    My website does not have login.

    I would like the user to get the book through paypal, not through streaming directly from my site. If I could, I'd prevent any streaming of any files from my site period. <-- This is what I'm asking for.

    Tuesday, July 12, 2016 3:22 AM
  • Greetings Gib,

    Sorry for being relative short; the point would be to stream the file from another non-public location...
    Or to make it more to the point; "http://www.mm-theory.com/GetBook.aspx" would check the session-guide, then decided which book from "D:/library" it should stream towards the user.
    Just grand the IIS account read-privileges on the appropriate drive.

    Response.Clear();
    Response.ContentType = "application/pdf";
    Response.AppendHeader("Content-Disposition", "attachment; filename=foo.pdf");
    Response.TransmitFile("D:/Library/foo.pdf");
    Response.End(); 

    But to implement it behind Paypal without an login, will be tricky.
    Paypal is not instant and so you can't really decided when to grant users access.

    But let's for the conversation assume paypal is a direct payment;
    Then depending on the outcome of the session, set a flag in the session and redirect them to the download page.
    There check the flag, and change the content to stream the PDF.

    Secondly, send an email with a random guid that identifies that 'user' so he can return in a later time by clicking the email link.

    with kind regards,

    Sebastian

    Tuesday, July 12, 2016 6:33 AM
  • Thanks Sebastian, I'll look into that.
    Wednesday, July 13, 2016 2:58 AM
  • Dear gib,

    Sorry to trouble you and just want to know the workaround that provided by Sebastian is suitable for your issue or not? If it works, please mark it as answer, and it will help others who have the same or similar to easier search this solution.

    BTW, if you used the asp.net to develop your website and since our forum is to discuss the .NET Framework Setup and Servicing, it's better to raise it up on this forum: https://forums.asp.net/ for dedicated information, you will get a more professional technology support from there, and thank you for your understanding.

    Best regards,

    Sara


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    Thursday, July 14, 2016 7:34 AM
    Moderator