How can I generate a unique download link of a file on Asp.net api? I want to provide a download feature via webservice, each user just got a unique download link at a time.
UPDATE:
I dont want to waste time of user for login.
One user can download multiple file.
The file type can be xml, image, text and sound file.
I am trying to develop an application which sell ebook.
Thanks a lot
Can you give us more details what exactly you are trying to achieve.
I would like to know if users are registered?
Will same user download more than 1 file?
What type of file?
any other scenario you can tell us?
It can be dont in many ways depending upon your scenario.
look for this example & will send you more
http://support.microsoft.com/kb/306654
One way of doing it if it fits your scenario
While you could use a GUID and maybe relate it to your user in your database, you would need to create some business logic around how that GUID is excepted by your application. For example you might say UserA has a GUID, if that GUID is used in the next 15 minutes let UserA log in automatically but after 15 minutes force the user to use a username and password.
Similarly you could make a query string, something like u=UserA&time=1347&date=01282001 and then run it through a hash of some sort. When it comes back in, unhash it (so you couldn't use MD5), check the time stamp and see how long it has been since that timestamp was created. If it is within an acceptable time frame, let the user enter, if not force them to use a username and password. This would not require you to relate anything with your user in your database, so may be a more simple solution compared to a GUID.
Update: If i had to do it then i will take up following approach. It is up to you how you will protect these files from download.
Step 1: I will create a new table & generate a GUID once user make payment & store guid & userID, BookID information in this table. Now you can generate a link based on this information
http://www.xyz.com/download.aspx?BookID=XX&UserID=XXX&GUID=guid-guid-guid-guid-guid-guid
Step 2: Create a HTTPHandler to check if such record is present in the table you created above if so then allow the user to download the book otherwise he should not be able to download the book.
You can keep all downloadable file under FOLDER which user dont have direct access.
I hope you understand what i am trying to say.
This is how i would do, I can either keep all files in protected folder or store them in DATABASE.
i hope this will give you a starting point.
Related
If I have User and Profile objects. What is the best way to structure my collections in firestore given that the follow scenarios can take place?
Users have a single Profile
Users can update their Profile
Users can save other users' profiles
Users can deleted their saved profiles
The same profile can't be saved twice
If Users and Profiles are separate collections, what is the best way to store saved profiles?
One way that came to mind was that each user has a sub collection called SavedProfiles. The id of each document is the id of the profile. Each saved Profile only contains a reference to the user who's profile it belongs to.
The other option was to do the same thing but store the whole profile of each saved profile.
The benefits of the first approach is that when a user updates their own profile there's no need to update any of the their profiles that have already been saved as it's only the reference that is stored. However, attempting to read a user's saved profiles may require two read operations (which will be quite often), one to get all the references then querying for all the profiles with those reference (if that's even possible???). This seems quite expensive.
The second approach seems like the right way to go as it solves the problem of reading all the saved profiles. But updating multiple saved profiles seems like an issue as each user's saved profiles may be unique. I understand that it's possible to do a batch update but will it be necessary to query each user in the db for their saved profiles and check if that updated profile exists, if so update it? I'm not too sure which way to go. I'm not super used to NoSQL data structures and it already seems like I've done something wrong since I've used a sub collection since it's advised to keep everything as denormalized as possible so please let me know if the structure to my whole db is wrong too, which is also quite possible...
Please provide some examples of how to get and update profiles/saved profiles.
Thank you.
Welcome to the conundrum that is designing a NoSQL database. There is no right or wrong answer, here. It's whatever works best for you.
As you have identified, querying will be much easier with your second option. You can easily create a Cloud Function which updates any profiles which have been modified.
Your first option will require multiple gets to the database. It really depends how you plan to scale this and how quick you want your app to run.
Option 1 will be a slow user experience, while all of the data is fetched. Option 2 will be a much faster user experience, but will requre your Cloud Function to update every saved profile. However, this is a background task so wouldn't matter if it takes a few seconds.
Recently, I've add the user agent string when the guests submit the form to the database. There is a report that is generated weekly containing various statistics. I want to add the device and maybe the browser information to the report.
I was pondering that I would create a new database table that would hold all the know user agent strings and have two extra fields, one for the device info, and maybe the browser in the other one. However, I cannot find a site that you can download the strings. Would any one know of a place?
If that can not be done, I was thinking of a .net alternative. How would I go into doing that in .net?
2 ways to do it:
If you are using ASPNET MVC, you could use the default this.Request.Browser within the controller method call (contains quite a lot of info, example here),
You can also use 51Degrees, which has a light and a complete device db to match devices capabilities
I'm looking to make a very simple, very small back-end system where the user can login and change/edit just one line of text on the homepage of his website, as he'll be changing it frequently.
I'm still relatively new to .Net VB but can someone point me in the right direction of what I need to study / read up on in order to achieve this? I know the line of text will need to be stored in a database, but just what exactly will need to be done in order to achieve this.
I can't imagine it being awful, awful difficult, as it's just a small line of text on the homepage. I imagine a full News system would be harder for example.
Would someone be so kind to tell me how I can do this and just what ASP.Net I need to read up on?
Thanks.
David.
Create a simple ASP.NET website
Create a ado.net connection string
By using that connection string create a sql command
Then you can load the data into database
https://www.youtube.com/watch?v=Tyr1YXpNOrk
http://www.asp.net/mvc/overview/older-versions-1/getting-started-with-mvc/getting-started-with-mvc-part4
Well. If you are looking for very basic, try below.
Create 2 keys in app settings within web.config file. 2 keys are your username and password.
Create login page and compare entered username and password with those keys. If those are correct, allow user to login. If it does not match, give an error message.
After login, you can allow user to change content.
Here you will have only 1 user, using which you can login into application.
I just set up user profiles using asp.net 3.5 using wvd.
For each user I would like to store data that they will be updating every day.
For example, every time they go for a run they will update time and distance. I intend to allow them to also look up their history of distance and time from any past date.
My question is, what does the database schema usually look like for such a set up? Currently asp.net set up a db for me when I made user profiles. Do I just add an extra table for every user? Should there be one big table with all users data? How do I relate a user I'd to their specific data? Etc....
I have never done this before so any ideas on how this is usually done would be very helpful. Thank you.
One easy way is to just add a (one) table to aspnetdb database, this table will be used to track your running session data for all the user profiles. Name it RunnerSessions or something similar, add the following columns to the table:
UserID (use this field to store the profile id from ASP.NET)
SessionDate (use this field to store the run session date)
SessionDistance (use this field to record the distance from that particular run session)
It is a good idea to make UserID + SessionDate fields as your primary key for the RunnerSessions table or create another field called SessionID and set it as autonumber.
To relate each profile to a particular record in the RunnerSessions table, you can store the HttpContext.Current.User.Identity.Name in the UserID field mentioned above.
You are asking for a relational database design. As relational database design is an art in itself and heavily depends on a lot of case specific conditions I will not be able to provide you with a ready-to-go schema.
As I never read any online tutorial about this I will also not post a link here. But you should be able to get started by searching for a relational database design (tutorial) in your favourite search engine.
Maybe someone knows about a good tutorial and can post a link?
I'm writing an Asp.Net WebForms app where I am calling an edit page an passing in the data about the record to be edited using query string parameters in the URL.
Like:
http://myapp.path/QuoteItemEdit.aspx?PK=1234&DeviceType=12&Mode=Edit
On a previous page in the app, I have presented the user with a GridView of screened items he can edit based on his account privileges, and I call the edit page with these above parameter list, and the page know what to do. I do NOT do any additional checking on the target page to validate whether the user has access to the passed in PK record value as I planned to rely on the previous page to filter the list down and I would be fine.
However, it is clear the user can now type in a URL to a different PK and get access to edit that record. (Or, he may have access to Mode=View, but not Mode=Edit or Mode=Delete. Basically, I was hoping to avoid validating the record and access rights on the target page.
I have also tested the same workflow using Session variables to store PK, DeviceType, and Mode before calling the target page, and then reading them from Session in the target page. So there are no query string paramaters involved. This would take control away from the user.
So, I'm looking for feedback on these two approaches so that I choose an accepted/standard way of dealing with this, as it seems like a very common app design pattern for CRUD apps.
Agreed, you'll want to validate permissions on the target page, it's the only way to be absolutely sure. When it comes to security, redundancy isn't a bad thing. Secure your database as if you don't trust the business layer, secure your business layer as if you don't trust the UI, and secure the UI as well.
You should always validate before the real execution of the action, especially if passing the parameters by query string. For the second page that does the execution you might not need as much feedback for the user since you do not have to be nice to the user if he tries to cirumvent your security, so error handling should be a lot easier.
Passing the variables per session is acceptable but imho you should still validate the values.
We always use querystrings so records can be bookmarked easily, however always validate in both places, if you write you access control code nicely it should just be a case of re-using the existing code...
I believe the common practice is to do what you're avoiding: On the original page, you need to check to see what the user should have capabilities to do, and display their options appropriately. Then on the actual work page, you need to check the user again to verify they are allowed to be there, with access to that specific task.
From a usability standpoint, this is what the user would want (keeps it simple, allows them to bookmark certain pages, etc), and security on both pages is the only way to do this.
If you really don't want to check access rights on the target page:
You could hash the PK with the UserID and then add the hash value to the query string.
string hash = hashFunction(PK.toString() + UserID.toString());
Then you have to make sure the hash in the queryString equals the hash value calculated before loading the page.
Assuming this is an internal organization Web application.
Session variables can be manipulated as well, although not as easily. Whatever authentication you're using throughout your site, you should definitely use on your target page as well. Otherwise, you'll be open to exposing data you may not want as you have found out.
You could do the following to make your URLs a bit more secure:
-Use Guids for Primary Keys so users cant guess other record ID's
-The Mode couls be implicit: Guid = Edit, no Guid = New
and..
-Server-side validation is the only way to go.