Preventing bookmarking

[Guest]

We have some link buttons that allow the user to "view" a PDF file. That is, the link runs server-side code that generates the virtual path to the PDF file in question and then does a Response.Redirect to the file

The problem is, when the file is opened via a combination of IE and Adobe Acrobat, there is nothing to prevent the user from bookmarking that link and returning to it later without logging in to the site appropriately

Is there some way to "munge" the virtual path and file so that the bookmark, if created, is invalid

Or, better still, is there some way to prevent that bookmark from ever taking place at all

Thanks.

 

[Peter Morris [Droopy eyes software]]

Don't give them access to the file, have a script return the file as its
output instead. That way you can check access in the script.

 

[John Saunders]

We have some link buttons that allow the user to "view" a PDF file. That

is, the link runs server-side code that generates the virtual path to the
PDF file in question and then does a Response.Redirect to the file.

The problem is, when the file is opened via a combination of IE and Adobe

Acrobat, there is nothing to prevent the user from bookmarking that link and
returning to it later without logging in to the site appropriately.

Is there some way to "munge" the virtual path and file so that the

bookmark, if created, is invalid?

Or, better still, is there some way to prevent that bookmark from ever

taking place at all?

You can't prevent bookmarking any more than you could prevent the user from
writing down the URL and typing it into the browser later. What you can do
is either to generate the .pdf file as the output of the page (as another
poster suggested), or you can change the script mappings in IIS so that .PDF
files pass through ASP.NET. That way, whatever authorization you use for
..aspx files will also work for your .pdf files.