w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML videos Categories
How to protect direct file access

Don't provide direct links to the files. Create a new page called GetFile.aspx?id=1 and have the page retrieve the files. That way the user never knows or has direct access to the files on your server. This way you can change security on the folder where your files exist so only the web server can access them directly.

Change your links on the page to be:

<a href="GetFile.aspx?id=1">Click here for read me file</a>

Example of how to download a file from asp.net:

public void DownloadFile(string fileName)
{
    Response.Clear();
    Response.ContentType = @"applicationoctet-stream";
    System.IO.FileInfo file = new
System.IO.FileInfo(Server.MapPath(FileName));
    Response.AddHeader("Content-Disposition", "attachment; filename=" +
file.Name);
    Response.AddHeader("Content-Length", file.Length.ToString());
    Response.ContentType = "application/octet-stream";
    Response.WriteFile(file.FullName);
    Response.Flush();
}

Code example taken from this question: Open any file from asp.net





© Copyright 2018 w3hello.com Publishing Limited. All rights reserved.