I'm working on a ASP.NET Core project and I want to have a download link which becomes available to the user once they've made the payment. The file is on another server which is not secure at all and I don't want the main address to be leaked because then user can have access to the link without making any payment. How can I make this link secure?

CodePudding user response：

As your resource in another server. So we can't restrict our user to access it, if they know the url.

So I suggest you can download resource file in your backend code, after they finish the payment.

After test, I download sample file, and I can't get the resource url.

Test step:

My sample video url:

2. You can refer my test code.

   public async Task<IActionResult> DownloadFile(string fileid)
   {
        // get model by id from your db
        fileModel model = bll.getmodelbyid(fileid);
        string url = model.fileid;   //"http://commondatastorage.googleapis.com/gtv-videos-bucket/sample/BigBuckBunny.mp4";

        using (var client = new HttpClient())
        {

            using (var result = await client.GetAsync(url))
            {
                if (result.IsSuccessStatusCode)
                {
                    return new FileContentResult(await result.Content.ReadAsByteArrayAsync(), model.mimetype)//"video/mp4")
                    {
                        FileDownloadName = Guid.NewGuid()   model.fileextension//".mp4"
                    };
                }

            }
        }
        return null;
   }

3. Test result