Secure file download

Discussion in 'ASP.NET 2.0' started by Marina, Jul 16, 2007.

  1. Marina

    Marina

    I want customers to be able to download a file (*.exe), but only after they have paid for it. If they visit my download page, I validate their registration number, and if all is ok, I will display the download link. I could of course email it instead, but in either case, once the link is known, it can be forwarded on to others.

    If someone knows the link to the executable, how can I prevent them from accessing it if they haven't paid for it?

    Thanks,
    Marina
     
    Marina, Jul 16, 2007
    #1
  2. raymondp

    raymondp

    Have you tried considering using ASP.Net Membership/Roles provider. http://kb.discountasp.net/article.aspx?id=10413

    Once the customer pays, they should get a login and password which will take them to a secure portion of your site. You will need to insure that the .exe file is store under that protect subdirectory.
     
    raymondp, Jul 16, 2007
    #2
  3. Marina

    Marina

    I am using FormsAuthentication for the secure part of my site, with the userid's and passwords stored in my own SQL database. While my site is in development (nearly ready now) most of the site is secure, only de default page is currently accessible to anonymous users. In web.config :


     
    Marina, Jul 17, 2007
    #3
  4. vvsharma

    vvsharma

    vvsharma, Jul 17, 2007
    #4
  5. Marina

    Marina

    The http://www.rolinka.com/images/ error is not the problem. I set that myself in IIS. The problem is that any non-aspx file can be accessed by anyone despite using ASP.NET FormsAuthentication and setting deny users="*" in web.config.Will using the ASP.Net Membership/Roles provider solve this problem? I don't want to make all thechanges from FormsAuthentication to ASP.Net Membership/Roles only to find out that any non-aspx files are still accessible by anyone.
     
    Marina, Jul 18, 2007
    #5
  6. Marina

    Marina

    Marina, Jul 18, 2007
    #6

Share This Page