Hi Jesse,

The challenge is in securing access to the files so that only users with permission can download it. If the files were stored on disk using their original extensions like .doc or whatever, they could be requested directly by url, but since requests for .doc would be handled directly by IIS and bypass .NET (unless you do some major configuration changes on the server) there is no way for .NET code to intercept requests for .doc files and apply permission checks. Anyone who knows the url can download the file. The shared files module handles this by storing files on disk with a .config extension which is protected by default in ASP.NET, and the original file names are stored in the db. An url request to an .config file will not be able to retrieve the file.

The easiest way I can think of to implement a solution that allows emailing a link to a file while still keeping it secure would involve making a special page like ~/SharedFileDownload.aspx?pageid=x&mid=y&fileid=z

I could add a column for Download Link in the grid with a preconfigured link for each file, then you could right click the link and choose copy link location and then paste that into an email that you send. The SharedFileDownload.aspx page would verify the user has permission and if so return the file.

Would a solution like that be sufficient for your needs?

Joe

This is implemented in svn. You can right click the download link and copy link location for email purposes.

In code you can build an url to the file in this format:
~/SharedFileDownload.aspx?pageid=x&mid=y&fileid=z

It must have the correct pageid, moduleid (mid), and fileid to work. Permission to download the file is equivalent to permission to view the page that the module is on. If the user is not authenticated it will redirect to the login page then after login proceed to the file download.

Joe