Protect download files

Situation:
I have some images that anybody can download. What I wan't is to only let people that have logged in (or got the URL to the file by mail?) be able to download the specific image they have ordered.

Is it possible to protect files like this?

I'm using ASP and Access.

What I have thought of is storing the files in Access as a Blob (but I don't wan't to do that because it will kill my DB), or giving the files random names.

Any better ideas/solutions?

If my English confuses you, I'm looking for a solution similar to http://www.templatemonster.com/

Thanx, EiSa

Well, as far as I know, it's not possible to completely protect someone from downloading an image that you show them.

However, I do have a potential alternative.
You could display small thumbnails to all potential customers, then once someone has bought the picture, they will be able to download a high-quality, full-size version of it.

Anyways, just a suggestion! Good luck.

-D:S

If your site is developed in ASP.Net -

You can use a session state boolean on each page that is requested by your visitors -

If the session state is false - simply redirect your visitor to a login page and/or registration page.

Your global.asa file will set the session state for first and subsequent visits and also reset the session state variable when they leave.

Simple and effective method that Ive used on my site.

Mark (getemerson)

Another way to do this would be to store the images in an inaccessible directory on the server. In an ASP page, you could check if the user was authenticated and if so open the image on the server in binary and send it to the client.

Yup numbernine, that's the method i'd use too... create a virtual directory, and binary stream the img's out.

It does depend on how much control you have over the site that is hosting your web pages -

if its your home/own site then game on.

If you are using a hosting service? - There may be restrictions on what you can do - you may not have virtual directories at your disposal- usually you are given a couple of folder paths to work with as your own - and depending on the type of subscription service you have with the hosting company you may not even be able use ASP/ASP.net/database etc unless additional greenbacks exchange hands - which means you'll have to manage with just HTML and some JavaScript -

Having said that you may not have access to the global.asa file either - (in reflection to my original solution)

Hence my question ...

can you tell us more about what resources you have access to.

Thanx for responding everybody. Haven't had time to look into into it because I'm short of time.

But to your information, it's not my server so I can't store things in a inaccessible directory. It's not images, it's zip-files.

EiSa

Probably the easiest method in your case would be creating a simple member authentication system and using cookies or sessions to hold their logged in status. You also need a database table of paths to images, each with an ID.

Now, on your site you will call on an ASP page as the image source, passing in the image's ID. This page should connect to the DB, get the path, then do a Response.Redirect() to that path. This page should also have code to check if the user is logged in or not.

Only your users would be able to rip your images because they would have to call on the actual ASP script path and save the image it returns. It would make hotlinking and ripping from non-members impossible though.