Audio Files: Security concern; how to prevent unauthorized downloading of audio files from a server
For a church website I'm managing, there is a need to place audio files (sermons) on the website. There will be two categories of audio files; one will be a sample size of the audio file, around 5 minutes开发者_StackOverflow中文版 in length. The other will be the full-length of the sermon (30-50 +/- minutes).
I have decided the best setup would be to place the audio files on the server. I would then store the audio information, as well as the path to the audio file, in a database. I had thought about placing the audio files in the database as a BLOB, but it seemed inefficient.
My concern, is with tools like Firefox extension "Download Helper", it is so easy to simply grab the media files off the server. This would not be a big deal, except we want to sell the full-length audio files. I am running ASP.NET 3.5 on IIS 7. Any ideas?
This can be done by storing the files in a location that is inaccessible to web users such as: a folder not served by IIS or a SQL Server database both with the appropriate access controls.
You can then determine if a user is authorized by allowing to request the file in a number of different ways, but ultimately, once you know your user is authorized and has purchased the file you can send the file to them using a response.write. See the example below for serving from the file system:
Response.Clear();
Response.ContentType = "audio/mpeg3";
Response.WriteFile("d:\private-downloads\private.mp3");
Response.AddHeader("Content-Disposition", "inline;filename=private.mp3");
Response.End();
You need to configure IIS to not serve files from that directory, then write an ASHX page that transfers a file after checking authorization.
This is a simple way to protect file download: http://www.magic-dev.com/files-protection.htm
精彩评论