views:

386

answers:

2

I'm writing a quick web page to control access to a web based repository of audio file (recordings of lectures). The audio files are held on SAN and accessed from the web server using a UNC share.

I want to force a "save" dialog to appear, because during testing we have found that some web browsers make it very difficult to save mp3 files. It is important that our students can save the file as opposed to just listening to it.

The other requirement is that the dowload link should only become available after the student has clicked a checkbox agreeing to respect the copyright on the file.

I first attempted to use a virtual directory on the web site that authenticated as a domain user. However, if I open the URL of audio file with my command button the web browser may immediately try to play it.

Instead of this I have tried to use an ADODB.stream and use the stream.LoadFromFile to send the file to the student with an appropriate content-disposition to force the download. Because LoadFromFile uses a file path I cannot use the IIS virtual directory and so must give the web site's anonymous login access to my network share. I've done this by making it run as a domain account, but this makes me a bit nervous as I believe it to be less secure.

Even then I still cannot achieve the desired goal because the stream.LoadFromFile command appears to refuse to read the file from the network share. It gives an authentication error, even though the domain login I'm using to run the site has full access to that network share.

Any recommendations for alternative means of meeting my goals?

A: 

When returning the file to the browser, set the mime-type to be "application/x-unknown" - this will cause the browser to ask you to download as it won't know how to handle it.

There is the possibility the browser will read the file extension and try and be clever, but there's nothing you can do about this.

ck
Thanks, this did the trick. I set the MIME types in IIS on my virtual directory to set the mp3 file extension to type application/x-unkown and this achieved the result I was looking for.Thanks for your prompt answers, Brent's solution could also come in very useful in future.
Crayfish
A: 

I like ck's answer of changing the mime type (i'd Vote it up if i was ranked). This will get arround not saving problem.

You can modify the Response Header's to change the mime type instead of using ADODB Try the following code..

         Response.Clear()  
         Response.AddHeader("Content-Disposition", "attachment; filename=" & file.Name)  
         Response.AddHeader("Content-Length", file.Length.ToString())  
         Response.ContentType = "application/octet-stream"  
         Response.WriteFile(file.FullName)  
         Response.End 'if file does not exist

You could also try compressing of the Audio Files with a ZIP extension. This would have the same effect and also lessen the bandwidth required for the download. You may want to consider cacheing your zipped files if you do it dynamically.

Try having a look at the full code here - http://www.xefteri.com/articles/show.cfm?id=8

You could add your Copyright Vertification to the predownload check too.

Brent