Following code is for allowing only the registered(logged in) users to download files
Further Reading
Here as well
Step 1: Create a file Handler.ashx and write the following code. Since I am not using form authentication, I am checking the session variables which are set once the user successfully logs in. Please note the implementation of IRequiresSessionState interface, this is because the HttpHandler cannot access session parameters on its own.<%@ WebHandler Language="C#" Class="Handler" %> using System; using System.Web; using System.Web.Security; using System.Web.SessionState; public class Handler : IHttpHandler,IRequiresSessionState { public void ProcessRequest (HttpContext context) { try { if (context.Session["user"] != null) { string filename = context.Request.QueryString["File"]; //Validate the file name and make sure it is one that the user may access context.Response.Buffer = true; context.Response.Clear(); context.Response.AddHeader("content-disposition", "attachment; filename=" + filename); context.Response.ContentType = "octet/stream"; context.Response.WriteFile("~/downloads/" + filename); } else context.Response.Redirect("~/Default.aspx"); } catch (NullReferenceException ex) { context.Response.Redirect("~/Default.aspx"); } catch (System.Exception ex) { context.Response.Write(ex.ToString()); } } public bool IsReusable { get { return true; } } }Step 2: There is a file titled Default.aspx from which users log in into the system and sets the session variableprotected void Button1_Click(object sender, EventArgs e) { //validation related code goes here Session["user"] = "TEST"; Response.Redirect("~/downloads.aspx"); }Step 3: The html code in downloads.aspx<a href="Handler.ashx?File=annex8.pdf">Click Here</a>
Further Reading
Here as well