How to protect downloadable files

Hello,

I am writing a site where people can buy ebooks. I want to have a system
whereby they can download the file(s) once they have paid, but
(obviously) not before. I also want some sort of protection to stop
people simply posting the download link around the 'net and have every
Thomas, Richard and Harold grabbing them!

Any suggestions for this?

I was contemplating using URL rewriting to provide a temporary link that
contained the date encoded, and have it only work for (say) 24 hours
after they pay. If they want it after that, they have to ask me
manually. That should deter people who haven't paid. I'm not sure how
good a system this is though.

Bear in mind that I'm not going to drive myself mad over this. I can't
stop people simply distributing the ebooks themselves, so it's not worth
expending huge efforts on protecting the download. Having said that, I
want something that will deter petty thieves.

Any suggestions welcome. TIA
Alan

--
Alan Silver
(anything added below this line is nothing to do with me)

Re: How to protect downloadable files

The easiest way is to create Download.aspx page

which will evaluate the criteria (like if user logged in and has permission
to download this book ) and then redirect to error.aspx if criteria failed
or if success use Response.WriteFile to output file.

PS: You will need to add folowing code

Response.Buffer = false
Response.AddHeader "Content-Disposition","attachment; filename=myebook.pdf"

So users will be prompted to save file myebook.pdf

George.


"Alan Silver" wrote in message
news:RgAzck5sQkgHFwmb@nospamthankyou.spam...
> Hello,
>
> I am writing a site where people can buy ebooks. I want to have a system
> whereby they can download the file(s) once they have paid, but (obviously)
> not before. I also want some sort of protection to stop people simply
> posting the download link around the 'net and have every Thomas, Richard
> and Harold grabbing them!
>
> Any suggestions for this?
>
> I was contemplating using URL rewriting to provide a temporary link that
> contained the date encoded, and have it only work for (say) 24 hours after
> they pay. If they want it after that, they have to ask me manually. That
> should deter people who haven't paid. I'm not sure how good a system this
> is though.
>
> Bear in mind that I'm not going to drive myself mad over this. I can't
> stop people simply distributing the ebooks themselves, so it's not worth
> expending huge efforts on protecting the download. Having said that, I
> want something that will deter petty thieves.
>
> Any suggestions welcome. TIA
> Alan
>
> --
> Alan Silver
> (anything added below this line is nothing to do with me)

RE: How to protect downloadable files

You could have an obfuscated querystring that includes the customer name or
id, the date, and the id of the product to be able to download. If something
comes in and the decoded date is over 24 hours old, you would deny it.

There are a number of easy ways to encrypt or obfuscate a querystring. Here
is a simple one:

http://www.eggheadcafe.com/articles/20060427.asp
-- Peter
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
MetaFinder: http://www.blogmetafinder.com


"Alan Silver" wrote:

> Hello,
>
> I am writing a site where people can buy ebooks. I want to have a system
> whereby they can download the file(s) once they have paid, but
> (obviously) not before. I also want some sort of protection to stop
> people simply posting the download link around the 'net and have every
> Thomas, Richard and Harold grabbing them!
>
> Any suggestions for this?
>
> I was contemplating using URL rewriting to provide a temporary link that
> contained the date encoded, and have it only work for (say) 24 hours
> after they pay. If they want it after that, they have to ask me
> manually. That should deter people who haven't paid. I'm not sure how
> good a system this is though.
>
> Bear in mind that I'm not going to drive myself mad over this. I can't
> stop people simply distributing the ebooks themselves, so it's not worth
> expending huge efforts on protecting the download. Having said that, I
> want something that will deter petty thieves.
>
> Any suggestions welcome. TIA
> Alan
>
> --
> Alan Silver
> (anything added below this line is nothing to do with me)
>

Re: How to protect downloadable files

in Computer management console ->default website select properties of your
website:
select the directory tab
click the configuration button and make a new entry for the file extensoin
you want to be handled by ASP.NET





"Alan Silver" wrote in message
news:RgAzck5sQkgHFwmb@nospamthankyou.spam...
> Hello,
>
> I am writing a site where people can buy ebooks. I want to have a system
> whereby they can download the file(s) once they have paid, but (obviously)
> not before. I also want some sort of protection to stop people simply
> posting the download link around the 'net and have every Thomas, Richard
> and Harold grabbing them!
>
> Any suggestions for this?
>
> I was contemplating using URL rewriting to provide a temporary link that
> contained the date encoded, and have it only work for (say) 24 hours after
> they pay. If they want it after that, they have to ask me manually. That
> should deter people who haven't paid. I'm not sure how good a system this
> is though.
>
> Bear in mind that I'm not going to drive myself mad over this. I can't
> stop people simply distributing the ebooks themselves, so it's not worth
> expending huge efforts on protecting the download. Having said that, I
> want something that will deter petty thieves.
>
> Any suggestions welcome. TIA
> Alan
>
> --
> Alan Silver
> (anything added below this line is nothing to do with me)

Re: How to protect downloadable files

Thanks to everyone who replied. So far, it sounds like you are all
suggesting basically what I had in mind, so I'll carry on with that
idea.

Thanks

In article , George Ter-Saakov
writes
>The easiest way is to create Download.aspx page
>
>which will evaluate the criteria (like if user logged in and has permission
>to download this book ) and then redirect to error.aspx if criteria failed
>or if success use Response.WriteFile to output file.
>
>PS: You will need to add folowing code
>
>Response.Buffer = false
>Response.AddHeader "Content-Disposition","attachment; filename=myebook.pdf"
>
>So users will be prompted to save file myebook.pdf
>
>George.
>
>
>"Alan Silver" wrote in message
>news:RgAzck5sQkgHFwmb@nospamthankyou.spam...
>> Hello,
>>
>> I am writing a site where people can buy ebooks. I want to have a system
>> whereby they can download the file(s) once they have paid, but (obviously)
>> not before. I also want some sort of protection to stop people simply
>> posting the download link around the 'net and have every Thomas, Richard
>> and Harold grabbing them!
>>
>> Any suggestions for this?
>>
>> I was contemplating using URL rewriting to provide a temporary link that
>> contained the date encoded, and have it only work for (say) 24 hours after
>> they pay. If they want it after that, they have to ask me manually. That
>> should deter people who haven't paid. I'm not sure how good a system this
>> is though.
>>
>> Bear in mind that I'm not going to drive myself mad over this. I can't
>> stop people simply distributing the ebooks themselves, so it's not worth
>> expending huge efforts on protecting the download. Having said that, I
>> want something that will deter petty thieves.
>>
>> Any suggestions welcome. TIA
>> Alan
>>
>> --
>> Alan Silver
>> (anything added below this line is nothing to do with me)
>
>

--
Alan Silver
(anything added below this line is nothing to do with me)