There are many ways to validate users before allowing them to download files. In some applications, you can put the direct URL of a file into the browser and download it directly. This happens because the application does not validate users on file downloads.
A user's role can also be validated for downloads. The simplest way is to apply ASP.NET membership, which authenticates each user. We have a <deny users="?" /> option, which is placed inside the <authorization> element of the web.config file. An application can have many web.config files, with a maximum of 1 web.config file inside each folder. So we can keep all our downloadable files in one folder and place a web.config file there. In that web.config file we deny access to anonymous users. The steps are:
- Put all downloadable files into a folder.
- Put a web.config file into this folder. Put <deny users="?" /> inside the <authorization> element of this web.config file. This stops anonymous user access.
- Apply ASP.NET membership to authenticate users. Even if someone knows the direct URL, the download is not allowed, because authentication is checked with the help of ASP.NET membership.
Isn't it simple? We can even allow file downloads on a role basis. Another web.config rule, <deny roles="weGiveUserRoleHere" />, denies downloads to specific roles. Rather than denying roles, we can also list the roles to allow.
- <allow roles="myAllowedRoles" /> or we can put <deny roles="myDeniedRoles" />
Thus, we can stop anonymous downloads, deny other logged-in users, and allow downloads only for users in specific roles.
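
A web.config for the downloads folder that combines the steps above, as an added example (not from the original article). The role name is the article's placeholder, and the rule order matters because ASP.NET applies the first rule that matches the user.

```xml
<?xml version="1.0"?>
<!-- Constructed example: web.config placed inside the downloads folder.
     "myAllowedRoles" is the placeholder role name used in the text. -->
<configuration>
  <system.web>
    <authorization>
      <!-- Rules are evaluated top to bottom and the first match wins. -->

      <!-- 1. Anonymous (not logged-in) users are rejected first. -->
      <deny users="?" />

      <!-- 2. Members of the allowed role may download. -->
      <allow roles="myAllowedRoles" />

      <!-- 3. Every other logged-in user is denied. Without this line the
              request falls through to the inherited default
              <allow users="*" />, so the <allow roles> rule above would
              not restrict anyone. -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

These rules are enforced by ASP.NET URL authorization, so they protect only requests that pass through the ASP.NET pipeline; after deploying, request a file's direct URL while signed out, and again while signed in without the role, to confirm both are refused. Role rules also need the role manager enabled in the application's main web.config.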