I want customers to be able to download a file (*.exe), but only after they have paid for it. If they visit my download page, I validate their registration number, and if all is ok, I will display the download link. I could of course email it instead, but in either case, once the link is known, it can be forwarded on to others. If someone knows the link to the executable, how can I prevent them from accessing it if they haven't paid for it? Thanks, Marina
Have you tried considering using ASP.Net Membership/Roles provider. http://kb.discountasp.net/article.aspx?id=10413 Once the customer pays, they should get a login and password which will take them to a secure portion of your site. You will need to insure that the .exe file is store under that protect subdirectory.
I am using FormsAuthentication for the secure part of my site, with the userid's and passwords stored in my own SQL database. While my site is in development (nearly ready now) most of the site is secure, only de default page is currently accessible to anonymous users. In web.config :
The screen that shows up at http://www.rolinka.com/images/ is Directory Browsing Denied error.This is an IIS setting and can be managed using the IIS manager in your control panel. Vikram DiscountASP.NET www.DiscountASP.NET
The http://www.rolinka.com/images/ error is not the problem. I set that myself in IIS. The problem is that any non-aspx file can be accessed by anyone despite using ASP.NET FormsAuthentication and setting deny users="*" in web.config.Will using the ASP.Net Membership/Roles provider solve this problem? I don't want to make all thechanges from FormsAuthentication to ASP.Net Membership/Roles only to find out that any non-aspx files are still accessible by anyone.
I have read about a possiblesolution to this problem in http://weblogs.asp.net/scottgu/archive/2007/03/04/tip-trick-integrating-asp-net-security-with-classic-asp-and-non-asp-net-urls.aspxwhere an ISAPIfeature called "wildcard mappings"is explained. I think this will solve my problem.I will raise a support ticket.