Securing files for download.

From: Steve Lloyd (steveRemoveThisNow_at_livenowpaylater.co.uk)
Date: 12/09/03


Date: Tue, 9 Dec 2003 19:44:44 -0000

Hi,

I am trying to work out how I can secure files available for download on a
website.

I have forms authentication set and can deny access to aspx file in a
directory using the web.config file which redirects to the login page and
works fine, however, if i have a downloadable in this directory people can
enter the URI of the file and download it without any login. I understand
that the web.config approach only secures .Net based resources but would
like to know if anyone has a solution/work around for this. I have thought
about storing the files in SQL which would require an aspx page to
authenticate to the server, I think this would work but SQL space costs much
more than web space ..

The webserver is a shared hosting solution so i do not have acces to the
windows level accounts.

Would appreciate some direction on this.

Thanks very much

Steve