Hide location of PDF

Hi there

We have a back office system developed in ASP.NET which contractors can view all their invoices online. I have just made an addition that allows them to click on a link that opens up a PDF in their browser which displays their invoice as a PDF which they can download.

The problem, however, is that they can manipulate the link in the address bar and thus view someone elses invoice, which we dont want. I can obvioulsy do validation on the page before they are directed to the PDF, but once the PDF opens it has the location on our server in address bar, which they can make a few minor changes to and view someone elses stuff.

Any ideas how I can stop this?

Thanks in advance
leapingleonAsked:
Who is Participating?
 
ChetOS82Connect With a Mentor Commented:
Use Response.WriteFile to pass the pdf data itself down to the browser, then they never have access to the file.  Or, place the pdf in a subdirectory so the contractor would have to guess to figure out the location of other PDF files.
0
 
leapingleonAuthor Commented:
Thanks, using the writefile method and it looks good.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.