tags:

views:

225

answers:

2
+1  Q: 

Listing files available for download - files are stored in location accessible to the application only

I have a set of pdf files stored in the location accessible only by the application - so those files cannot be accessed directly via http.

The file paths are stored by the database and when the user is given the option to download a file the code as below is being executed:

 Response.ContentType = "Application/pdf"
 Response.AppendHeader("Content-Disposition", "attachment; filename=<some file name>")
 Response.TransmitFile(Server.MapPath("<the file path>"))
 Response.End()

It all works fine provided I am dealing with a single file

The problem:

I have a stored procedure that returns a list of all the files available to the user for download, and it can return any number of files ranging from 1 to 20.

I would like to create a page that would list all those files along with the download option next to each file.

Something like

File name 1, some description 1, download (button, link?)
File name 2, some description 2, download (button, link?)

It cannot be simply an url link because as I mentioned the files are not directly accessible and some code needs to be executed for each download

What would an elegant solution to accomplish this using .net2.0?

+7  A: 

With regular ASP.NET (2.0) you would want to create a "handler". The easiest option is to add a "generic handler" (ashx) template - then put a regular link on the page to (for example) "download.ashx?id=2".

Inside the handler, parse the query-string, and stream the file to the user:

    public void ProcessRequest(HttpContext context)
    {
        // set headers...
        string filePath = FindPath(context.Request.QueryString("id"));
        context.Response.WriteFile(filePath);
    }

where FindPath resolves the physical file from the query-string link.

If this was ASP.NET MVC, you could just use the File(path) action-result.

Marc Gravell  2009-02-10 13:46:20
+1 - Very nice answer. Very few people know how to use ASHX files despite their usefulness.
Mark Brittingham  2009-02-10 13:58:18
+1. Thanks Mark, that is pointing me into the right direction. I suppose the FindPath function result would need be user/session specific to make ensure that someone does not call the page directly with the ID that he has no permissions for.
kristof  2009-02-10 14:09:17
Personally I'd have fixed ids, and just check the permissions inside the method (perhaps using database ids). That way links work between sessions/browsers, as long as you have access.
Marc Gravell  2009-02-10 14:37:15
That was more or less what I meant by saying session/user specific. I was either considered storing list of file paths is session and the id would be the id in the list, or alternatively to retrieve it from db using ID passed but then I need to also check if the user has the permissions for file
kristof  2009-02-10 15:43:55
To check that i would need to pass userId as well, in session I believe otherwise you can call directly Download.ashx?id=2?user=5. I understand that to use the session data the handler needs to implement System.Web.SessionState.IRequiresSessionState.
kristof  2009-02-10 15:48:27
But perhaps I make it to complicated
kristof  2009-02-10 15:48:58
You don't need session state to identify a user...?
Marc Gravell  2009-02-10 15:57:53
A: 

The URLs in the list of files your return to the user can point to an ASPX page that can download them just like in the example code you provided.

Assaf Lavie  2009-02-10 13:48:26

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps