[RESOLVED]Implementing a secure digital download

Can anyone guide me in the right direction. I want to implement a digital downloads section in a website to allow users to download a pdf file after a purchase. The purchase would probably be made by paypal and the use would be redirected to the site
after the purchase.

What is the best way to go about it to secure the downloads area and the files. Should I store them in the file system or database? Etcs..

Any advice here is greatly appreciated!

I would store it in the database. If you store it in the file system, you have two locations available – the first is in a protected directory like App_Data and the second is in a location outside of the root of your site so that people can’t simply browse
to the files.

Either way, you then need to create a handler to read the file from its location and write it to the Response. You can put whatever authentication checks your system needs in the handler before deciding whether to obtain the file content and writing it.
The handler should be a simple cshtml file. 

Here’s an article that deals with retrieving files from a SQL CE database: http://www.mikesdotnetting.com/article/148/save-and-retrieve-files-from-a-sql-server-ce-database-with-webmatrix.
The process is identical if you are using the full version of SQL Server.

Perfect article Mike!

Can I ask what data type should I use to store a .pdf file?

In SQL Server, use varbinary(max). If you are using SQL Compact, the datatype is Image.

Leave a Reply