I need to implement a non-bookmarkable, secure download link:
- I’d like to ensure that the form post is made from a genuine link from my site.
- the link is only valid for 5 mins for 1 click only
I’m planning to do it by:
- link should render with an access-token that’s only valid for 5 mins and for 1 single download
- clicking on the link will submit an HTTP POST to the download endpoint with the access token. (HTTP POST download endpoint over https will be implemented using ASP.NET MVC 3)
- upon a valid http post request (ntlm authentication token, valid http referer, etc.) returns a pdf file (content-disposition: attachment; … pdf and mime-type: application/pdf).
- link and download endpoint are hosted in two different web apps
- second http post request will return an HTTP 401
Before rolling out my own custom request ticket solution across the 2 web apps, I wonder if there’s an open source or 3rd party library that does exactly this. Thoughts?
Thanks
Ron
I couldn’t find any projects that satisfied the above requirements. However, the closest that I could find is that if I were to use Windows Azure blob storage, I’d be able to use the Access Control List feature, which gives me an option to set a start/expiry date on a link.
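
The ticket scheme described in the question, as an added example that is not part of the original post: an HMAC-signed token bound to file, user and a 5-minute expiry, which the download app redeems exactly once. The class and member names, the `|`-separated token layout and the key pre-shared between the two web apps are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Added example; all names are hypothetical. Both web apps hold the same key, shared out of band.
public sealed class DownloadTickets
{
    private readonly byte[] key;
    // Redeemed nonces -> expiry. Lives in the download app; use a shared store if it is load-balanced.
    private readonly ConcurrentDictionary<string, DateTime> redeemed =
        new ConcurrentDictionary<string, DateTime>();
    public DownloadTickets(byte[] sharedKey) { key = sharedKey; }

    // Link app: bind the ticket to file, user, a 5-minute expiry and a unique nonce.
    public string Issue(string fileId, string user, DateTime nowUtc)
    {
        string payload = string.Join("|", fileId, user,
            nowUtc.AddMinutes(5).Ticks.ToString(), Guid.NewGuid().ToString("N"));
        return payload + "|" + Sign(payload);
    }

    // Download app: returns true once per valid, unexpired ticket; false on tamper, expiry or replay.
    public bool Redeem(string token, string fileId, string user, DateTime nowUtc)
    {
        int cut = token == null ? -1 : token.LastIndexOf('|');
        if (cut < 0) return false;
        string payload = token.Substring(0, cut);
        if (!FixedTimeEquals(Sign(payload), token.Substring(cut + 1))) return false;
        string[] p = payload.Split('|');   // a '|' inside fileId or user fails closed here
        long ticks;
        if (p.Length != 4 || p[0] != fileId || p[1] != user || !long.TryParse(p[2], out ticks)) return false;
        var expires = new DateTime(ticks, DateTimeKind.Utc);
        if (nowUtc > expires) return false;
        // TryAdd is atomic: of two concurrent POSTs carrying the same ticket, only one succeeds.
        return redeemed.TryAdd(p[3], expires);
    }

    private string Sign(string payload)
    {
        using (var h = new HMACSHA256(key))
            return Convert.ToBase64String(h.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The download action would pass the authenticated user name and requested file to `Redeem` and return the 401 from the question's plan whenever it yields false; entries in `redeemed` can be purged once their stored expiry has passed.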