M
Mike Kingscott
Hi there,
I'm writing an app in which a punter buys some PDFs online. After
purchasing said PDFs, they will be given a token (bless them Guids) to
go to a download .ASPX page from which they can download the PDFs.
I'm planning to use Forms Authentication to protect the .ASPX page
which gives them the list of PDFs they can download (driven by the
token, which will be their order number or similar). The page will
also only allow 10 loads and the list of PDFs will only be available
for 24 hours to cut down on other people obtaining the PDFs.
And there's the rub: for the PDFs to be downloaded from the site, they
have to exist in the site. And if that's the case, what's to prevent
people figuring out (right-click, view properties of the hyperlink)
the URL of the PDF and going directly to the PDFs? I was hoping that
Forms Authentication would protect all files in a folder, but it
appears not to do so - I directly download a PDF file in a folder
protected by Forms Authentication, guess it only works for .aspx
files?
So, does anyone have any suggestions? I did think about creating a
separate folder for each order (i.e. each Guid), and then copying the
PDFs into that, but the files are quite large, and then a job on the
server would have to run each day to wipe old folders, etc.
Yours in hope,
Mike Kingscott
I'm writing an app in which a punter buys some PDFs online. After
purchasing said PDFs, they will be given a token (bless them Guids) to
go to a download .ASPX page from which they can download the PDFs.
I'm planning to use Forms Authentication to protect the .ASPX page
which gives them the list of PDFs they can download (driven by the
token, which will be their order number or similar). The page will
also only allow 10 loads and the list of PDFs will only be available
for 24 hours to cut down on other people obtaining the PDFs.
And there's the rub: for the PDFs to be downloaded from the site, they
have to exist in the site. And if that's the case, what's to prevent
people figuring out (right-click, view properties of the hyperlink)
the URL of the PDF and going directly to the PDFs? I was hoping that
Forms Authentication would protect all files in a folder, but it
appears not to do so - I directly download a PDF file in a folder
protected by Forms Authentication, guess it only works for .aspx
files?
So, does anyone have any suggestions? I did think about creating a
separate folder for each order (i.e. each Guid), and then copying the
PDFs into that, but the files are quite large, and then a job on the
server would have to run each day to wipe old folders, etc.
Yours in hope,
Mike Kingscott