Hi! guys need your help.

I have a existing asp code the allow the user to download the pdf file. I use a URL link to download the file like this http://localhost/pdf/001.pdf I create a virtual directory for pdf folder. I want to restrict the user not to direct download the files without login to my login page. Do you have any idea how solve this issue.

Thanks,
Rylemer

Hi

What I normally use for this is filesystemobject if the user does not use IIS for authentication.

You could store the PDF's in any folder outside your webfolder and grant you webservice user access to this folder. The code would go something like this:
<%@ Language=VBScript %>

<%
dim sFile, sRoot, sDir, sExt, objShell, objFSO, sMIME, objStream
sRoot = "Your Folder Path"
sFile = "Filename from href or static"
'You could check the MIME type of the file so get the file extention
set objFSO = server.CreateObject("Scripting.FileSystemObject")
sExt = objFSO.GetExtensionName (sFile)
set objFSO = nothing
' Create an instance of Wscript.Shell to let us read the registry to get the type
Set objShell = Server.CreateObject("Wscript.Shell")
On Error Resume Next
' Get the MIME type
sMIME = objShell.RegRead("HKEY_CLASSES_ROOT." & sExt & "Content Type")
On Error GoTo 0
if len(sMIME) = 0 then
    ' If there is no registered type then return octetstream. This will prompt
    ' the user with the "Open or Save to disk" dialogue.
    sMIME = "application/octetstream"
end if
set objShell = nothing
'Content type to browser
Response.ContentType = sMIME

' And the name of the file to browser
Response.AddHeader "Content-Disposition", "filename=" & sFile & ";"

' Pipe the file to the browser,
' use the ADODB.Stream
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Open
' Set the type as Binary
objStream.Type = 1
' Load our file
objStream.LoadFromFile sRoot & sDir & sFile

' And send it to the browser
Response.BinaryWrite objStream.Read

objStream.Close
Set objStream = Nothing
%>

Hope this helps

Regards
Marnus

acdsky,

In your code, you include Authenticate.asp.
Can you send me that include file.

Thanks,
Rylemer

<%
Dim Auth
If Session("Authenticated") <> "True" Then
 response.redirect("login.asp")
End If
%>


This example uses a Session variable which was set to "true" on the login page. If not authenticated the user is redirected to login.asp

Hi Marnus,

Kinda confusing what I want is the user can't put this URL directly to the IE address bar. http://localhost/pdf/001.pdf
if the user put this URL it should go back to my login page.

Thanks,
Elmer

I understand what you mean.

If you dont want the user to be able to do that from the address bar your files needs to be stored outside of the web folder. i.o.w You cant store the files in c:\Inetpub\wwwroot\PDF. The code I gave you will enable you to store your PDF outside of the web folder. e.g "C:\My PDFs" There is no way this location could be read directly from the URL so the ASP code i gave you will read this location to enable the user to download the files, but he has to use that asp page to be able to get to the files in the first place. Now the include file on the top of this page will not allow the user to run this page if they not logged in.

Does that make more sense?

Hi Marnus,

Yes. it makes sense. I really appreciate your help. Thanks a lot.

Thanks,
Elmer

Hello acdsky, I used your code and it kinda worked cause I got the binary output printed on my browser, but my question is , how do I get the proper file instead of the binary code printed on the browser?

Thanks!

Juan

HI, you know that Firefox does not save all file name and extension of a long named file like : " connections_45_ie sdsdsd.docx "
can you tell me why? i`m using this script too!