invalidating direct download request[Resolved]

Hi all,
I m making an web application where user are presented various pdfs for download after taking some inputs from them. My application checks the user inputs and provides various links to the pdf files to be downloaded.

eg:

www.mydomin.com/files/PDF/form2E.pdf.

If user knows the above file location he simply writes the above address and downloads this file. I want to prevent that.

ny idea(s).

Thnaks

Have a "download.aspx" page which takes the filename as a parameter, and does a Response.writefile to the browser. This way, you are in control.

VB Code:

Dim FilePath As String = strFileName
        Dim TargetFile As New System.IO.FileInfo(FilePath)
 
        ' clear the current output content from the buffer
        Response.Clear()
        ' add the header that specifies the default filename for the Download/
        ' SaveAs dialog
        Response.AddHeader("Content-Disposition", "attachment; filename=" + _
            TargetFile.Name)
        ' add the header that specifies the file size, so that the browser
        ' can show the download progress
        Response.AddHeader("Content-Length", TargetFile.Length.ToString())
        ' specify that the response is a stream that cannot be read by the
        ' client and must be downloaded
        Response.ContentType = "application/octet-stream"
        ' send the file stream to the client
        Response.WriteFile(TargetFile.FullName)
        ' stop the execution of this page
        Response.End()

If you are still worried that users might guess the PDF location then you could store them outside of the web root as mendhak's code could be adapted to still work with this.

DJ

:) Thank u very much.........

is it possible to not show the open/save dialog box and force save the file to a temporary location in the client's pc?

thanks

No. That's a security breach. I could create a malicious program that does the same thing and destroy the user's life!