Prevent downloading of file from website






















Not only does it establish your expertise, but it can give you the first shot at converting a site user to a customer. Additionally, your site can be an excellent vehicle for delivering important information packets or digital product updates to your existing customers. However, not all information is meant to be public. You may want to restrict access to some of the information on your site for many reasons.

A common reason is that you want to sell digital products through an online store. Or perhaps you want to deliver software updates through your site: Only the customers who purchased the software should be able to get the update. Or maybe you want to make competitive or sensitive information available to only certain users of your site, like your sales force for example.

This article describes techniques you can use to put downloadable files on your Web site, and allow access to only certain users. No matter how fancy you get with naming the files, eventually you have to give the URL to somebody, and from that moment on, your security is gone. The best way to prevent unauthorized access is to take the file off of your Web site entirely.

Some people offer the files through FTP instead. However, setting up FTP access requires some degree of system administration expertise and administrative access to the Web server itself. If your site is hosted by someone else, you may not have that access even if you do have the expertise. Another answer is to play the role of the gatekeeper yourself and use email as your delivery mechanism.

That answer is a little too manual to be practical. Okay, so now what? The program acts as a file gateway: It verifies that the user has the right to download the file, and if so, reads the file from a non-Web folder on the server and transfers it to the client. The mechanics are fairly simple. This article presents a sample site that demonstrates the techniques you need to use.

You can download the entire sample site using the link in the Download the Code side bar of this page. The first step is to negotiate a new file organization strategy with your hosting company or your system administrator.

Digital downloads are becoming pretty commonplace, so your hosting company should understand what you are trying to accomplish. As I mentioned, the key is to get the files off the Web site. This folder should be one level above your Web site. The WebSite folder is just what you expect: It contains all of the files and subfolders that make up your Web site. When you configure your site in IIS, this folder is the home directory.

This new structure lets you maintain your Web site and your download files without forcing you to put the download files under your Web site.

You need to do this because your download page is going to run under that account. If you are using .NET, additional permissions may be required, depending upon the version of IIS you are using and the account that runs your application.

Your host should anticipate this need, but if you have permission errors when you attempt to download files, check the folder permissions. Permissions are one of the first things to consider when you encounter download problems.

The next thing to do is figure out how you will identify the users that are allowed to access download files. Every application has different requirements, but most approaches are variations on some basic models. Here are a couple of common models used on the Internet today. If you have an online store, you need a way to deliver only the files that the customer purchased.

Your shopping cart must keep track of which files are associated with which products. You may or may not want to give customers a way to retrieve products at a later date.

If you do want to give them that option, you might generate a password they have to use when they return to the site. The online store model is essentially order-oriented security. Only the person with the correct order number and the password can access the files associated with that order.

With this model, it is common to expire the password after a few days or to limit the number of download attempts or both in order to reduce the potential loss should your customer share the password with others. You may choose the repository model if you have a repository of files that you want to put online, but you want to restrict access to specific users.

For example, you might use your Web site as a place where your employees can retrieve confidential company information. With this model, you often manage access by role. Only persons who have a specific role can access a particular set of files. You normally track the relationship between users and roles and files in a database, and authenticate users through a login page.

Anyone who knows the login user name and password can access the file repository. The last step is to create a page that authenticates the user and transfers the requested file.

The download page is responsible for reading the file from the download folder into memory and then transmitting the file down to the client browser.

The example is a simple ASP application that protects a folder of text files. Working with binary files requires a little more effort because you need some kind of component that is capable of reading binary files.

I cover that later. The example application consists of three ASP pages: Login. Please keep in mind that the purpose of the example is to give you a good understanding of the concepts presented in this article. The techniques used for the application favor simplicity over robustness and scalability. The Login. If the information is correct, the user is redirected to the FileList. If validation fails, the user must try again.

The application has no database behind it, so the required user name and password is just hard-coded into the ASP page.

Anyone who knows the correct user name and password combination can access the files. The page defines two procedures: ValidateForm and DisplayForm. When users submit the form, the page executes ValidateForm.

If validation is successful, the page redirects to FileList. The DisplayForm procedure is straightforward. It just displays the login form along with any error message that may have been generated. For simplicity's sake, the sample uses a Session variable to hold the login status of the user.

For a production application, this approach is not particularly scalable, but it works well enough for the sample. The authentication process is simple: If the user name has not been set in the session, redirect the request back to the login page.

Once you have successfully logged in, you see the FileList. The FileList. When you click on a file link, you invoke DownloadFile. The files do not exist in a Web-accessible folder. Although the links invoke DownloadFile. After the download, you can hit the refresh button to see what happened during the download. Rather than hard-coding the file links, FileList. The first step is to allocate an instance of the FileSystemObject and use it to retrieve information about the download folder. The download folder is identified by a constant conDownloadFolder that is declared earlier in the file.
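The gateway described in this article, sketched in Python rather than the sample's ASP; this is an added example, not the article's sample code. The function names, the `Download` folder layout and the `guest` session are assumptions, and the sketch adds one check the description above does not mention: the requested name is confined to the download folder before anything is read.

```python
import tempfile
from pathlib import Path

class DownloadDenied(Exception):
    """The gateway refused the request."""

def resolve_download(download_root: Path, requested_name: str) -> Path:
    """Map a client-supplied name to a file directly inside download_root."""
    # The file links carry bare file names, so anything that looks like a path is rejected.
    if not requested_name or any(c in requested_name for c in "/\\:\0"):
        raise DownloadDenied("invalid name")
    root = download_root.resolve()
    candidate = (root / requested_name).resolve()
    # resolve() follows symlinks and "..": a parent other than root means an escape.
    if candidate.parent != root or not candidate.is_file():
        raise DownloadDenied("no such download")
    return candidate

def download_file(session: dict, download_root: Path, requested_name: str) -> bytes:
    """Gateway: check login state first, then read from the non-Web folder."""
    if not session.get("user_name"):
        raise DownloadDenied("login required")
    return resolve_download(download_root, requested_name).read_bytes()

def demo() -> dict:
    """Run the gateway over a constructed tree with a secret outside the download folder."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root = base / "Download"
        root.mkdir()
        (root / "update.txt").write_text("v2 release notes")
        (base / "secret.txt").write_text("not for download")
        (root / "link.txt").symlink_to(base / "secret.txt")
        user = {"user_name": "guest"}  # constructed session state
        results = {"ok": download_file(user, root, "update.txt")}
        for label, sess, name in [("anonymous", {}, "update.txt"),
                                  ("traversal", user, "../secret.txt"),
                                  ("symlink", user, "link.txt")]:
            try:
                download_file(sess, root, name)
                results[label] = "served"
            except DownloadDenied as exc:
                results[label] = str(exc)
        return results

if __name__ == "__main__":
    print(demo())
```

The same denial is returned for a missing file and for an escaping symlink, so the response does not reveal which files exist outside the download folder.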

In a real application, you might have additional layers of security at this point. For example, you might restrict the files that are available to each user. This example assumes that if you know the user name and password, you have access to all of the download files. The DownloadFile.

Josh Leitzel

They'll be somewhere on their computer. If you stream the video instead of hosting the file, you can make it a bit more difficult for users to leech them.

Or, you could do something horrible like embed images in a flash object. Don't post them to your site. Otherwise it is not possible.

Chris Ballance

Sampson

- Open the website via window.
- Disable right-clicks via JavaScript (not recommended due to all the side-effects on usability)
- Load the page's HTML code from another file which may check for a specific referer or which may be ROT13 via JavaScript, so it's harder to access the source code.
- Cut an image into parts, so it takes some extra work to reconstruct the whole image
- Add onmousedown events to images, e.
- Deliver the image via server script e.

Videos

- Stream videos to prevent simple downloading via URL.
- Wrap videos into a Flash movie.
- Use some nasty format that supports DRM.
- Convert texts to images (this may decrease display quality), SVGs or Flash

Again, I repeat that none of this will stop an experienced user from grabbing the content e. Thank you for any other ideas to complement the above list!

BurninLeo

Flanagan A. Flanagan

Philosophy is fine unless you have spent time and money to make an excellent product photo only to find that some rat on another continent who doesn't offer customer support has appropriated your photo art and is undercutting your prices.

People in the business of paid videos or photos web apps, will always try to protect his stuffs. Just see how hard is for a "normal" user to download a video from the video URL in YouTube, even that they are on the publicity business — John Balvin Arias.

Rostami

Dan Diplo

If that's the case, and you are open to server side code, I believe this might work:

- Create a page that accepts a numeric id, maps it to a server file path, opens that file, writes the binary directly to the response stream.
- On the page request, generate a bunch of random ids, and map them to the actual media urls, and store that mapping object server side somewhere in session?
- Render your pages with your media links pointing to the new media page with the appropriate id as a query string argument.
- Clear the mapping object and generate all new links on every postback.

This:

- won't stop people from downloading from within your page
- definitely isn't as lightweight as standard HTML and has its own set of issues.

As many have said, you can't stop someone from downloading content. You just can't. But you can make it harder.

David Wolever

Badfish

Jordan

This is how I do it in case anyone in the future is wondering. I put this in the. This approach was previously recommended on stackoverflow [here] stackoverflow. Others reported success with it.

Right-click blocks are horribly annoying. I want to right-click a link and choose "Open Link in new Tab", for example.

Right-click blocks are easily circumvented by simply turning off JavaScript in your browser temporarily. Also, I have to agree wit' vit: they really are horribly annoying.

Jeff Siver

Put your image or video in flash format. Works great.

Ferrari

Is there a tool that runs on linux server that converts mp3 to swf?

TimHayes

Now if you want to block access to other images that the user is not supposed to see, I am actually doing it that way: Every link is to the "src" in your image tag is in fact a request sent to a controller on the server, the server checks the access rights of that specific user, and returns the image if the user is supposed to have access to it, all images are stored in a directory that is not directly accessible from the browser.

I haven't found a good way to accelerate that in fact..

Antony P.

You can set the image to be background image and have a transparent foreground image. There are some tricks you can try: 1.

Ravinder Payal

Nothing stops a screengrab though

Igor Ivancha

Preventing click functionality isn't so nice, and sometimes it defies other purposes of the site — Lea Cohen.

Most browsers have inspect element and this is enough to download any type of object displayed on the browser — Oluwatumbi.

Sure, I agree with both of these comments, but after explaining both of these and more to the client they simply wanted a 1st line of defence to try preventing copy being ripped. Client wants client gets, explain pitfalls and then invoice accordingly ; — redplanet.

Vipul Singh

Ranchoddas shyamaldas chanchad

Because screenshots don't exist.

Goody S. Goody
