• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 283
  • Last Modified:

Hide location of PDF

Hi there

We have a back office system developed in ASP.NET which contractors can view all their invoices online. I have just made an addition that allows them to click on a link that opens up a PDF in their browser which displays their invoice as a PDF which they can download.

The problem, however, is that they can manipulate the link in the address bar and thus view someone elses invoice, which we dont want. I can obvioulsy do validation on the page before they are directed to the PDF, but once the PDF opens it has the location on our server in address bar, which they can make a few minor changes to and view someone elses stuff.

Any ideas how I can stop this?

Thanks in advance
0
leapingleon
Asked:
leapingleon
1 Solution
 
ChetOS82Commented:
Use Response.WriteFile to pass the pdf data itself down to the browser, then they never have access to the file.  Or, place the pdf in a subdirectory so the contractor would have to guess to figure out the location of other PDF files.
0
 
leapingleonAuthor Commented:
Thanks, using the writefile method and it looks good.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now