Downloadable products and URL security

Item		Qty	Total
	{{cartItem.ProductName}} SKU: {{cartItem.ProductSku}}	{{cartItem.Quantity \| number : 2}} x {{cartItem.UnitCost \| currency : '$' : 2}}	{{cartItem.UnitCost * cartItem.Quantity \| currency : '$' : 2}}
{{itemVariant.VariantHasText ? (itemVariant.VariantName + ': ' + itemVariant.VariantText) : (itemVariant.VariantGroup + ': ' + itemVariant.VariantName)}}
You have no items in your shopping cart.
Subtotal	{{minicart.cartTotals.SubTotal \| currency : '$' : 2}}

Image	Item	Qty	Total
	{{cartItem.ProductName}} SKU: {{cartItem.ProductSku}}	{{cartItem.Quantity \| number : 2}} x {{cartItem.UnitCost \| currency : '$' : 2}}	{{cartItem.UnitCost * cartItem.Quantity \| currency : '$' : 2}}
{{itemVariant.VariantHasText ? (itemVariant.VariantName + ': ' + itemVariant.VariantText) : (itemVariant.VariantGroup + ': ' + itemVariant.VariantName)}}
You have no items in your shopping cart.

Status	Order No.	Order Date	Ship To	Order Total	Pay Total	Balance
Bill Me Later Open Ready To Ship Shipped Picked Up Cancelled Incomplete On Hold Back Ordered Returned {{order.Status}}	{{order.OrderID}}	{{order.OrderDate \| date : 'M/d/yyyy'}}	{{order.ShipFirstName}} {{order.ShipLastName}}, {{order.ShipAddress1}} {{order.ShipAddress2}}, {{order.ShipCity}}, {{order.ShipState}} {{order.ShipZipcode}}	{{order.GrandTotal \| currency : '$' : 2}}	{{order.PayTotal \| currency : '$' : 2}}	{{order.GrandTotal - order.PayTotal \| currency : '$' : 2}}

Home

Product Discus...

SmithCart

Downloadable products and URL security

7/29/2010 12:09 AM

John Sheridan

Joined: 7/8/2010

Posts: 8

Downloadable products and URL security

Hallo Experts,

I am testing your webshop and my first impression is very well because it has a good user experience.

Now I have a question about downloadable products and URL security.

In your user guide on site 86 you mentioned that the download link on the confirmation page is secure.

But when I press the download now button a popwindow (browser window) and the save dialog appears, where the user can see the url.

See following Screenshot:

http://picasaweb.google.at/1129447218...

Please tell me, how to hide the real url?

Must I use Gatekeeper?

Many thanks in advance

best regards

John

7/29/2010 7:49 AM

John Sheridan

Joined: 7/8/2010

Posts: 8

Re: Downloadable products and URL security

I am a little confused:

In the browser source code editor I can found following code:

input ... window.open(Location of download)

In your manual you are mentioned that the product download url is not visible beginning with version 2.66

How does the real behaviour and the text in user manual fits together?

The testversion I have installed has version 2.97.0

Please let me know, whats wrong

7/29/2010 5:17 PM

Scott Kelly

Joined: 3/11/2010

Posts: 1979

Re: Downloadable products and URL security Modified By SuperUser Account on 7/29/2010 9:10:22 PM

The download url is populated in server side code when the user clicks the download button on the confirmation page so the download url is hidden when the user hovers or right clicks on the button (the way most people know to get a url) but after the user clicks the button unfortunately the latest browser versions don't allow url masking anymore as its considered a security risk to allow url masking/hiding. The cart server side code does a window.open and we have added the parameters 'resizable=no,toolbar=no,menubar=no,location=no,status=no' but ie8 and the latest broswers ignore it. The browser window that pops up when you click the download now button is only visible for a second before the dialog box is displayed to download the file so the user wouldnt be able to cut and paste the url. Here are a couple posts on it:

http://www.dotnetspider.com/forum/238...

http://www.coderanch.com/t/118289/HTM...

The Gatekeeper download manager for Smith Cart was specifically developed to fully secure your soft products. Here is more info on the gatekeeper

Smith Cart Electronic Downloads Gatekeeper Manual v1.01

Buy Gatekeeper Online

-Scott

Scott Kelly
Project Manager
DotNetNuke Consulting, DotNetNuke Store and DNN Ecommerce

8/4/2010 3:45 PM

Scott Kelly

Joined: 3/11/2010

Posts: 1979

Re: Downloadable products and URL security

I had one other idea on how you could fully secure your downloadable products without purchasing our gatekeeper program. Using the DNN file manager create a "Secure File System" folder to store your electronic products. The files within this directory will have .resources appended to the filename. The secure file system prevents hackers from downloading your soft goods directly using a browser as IIS and Asp.Net will not allow .resources files from being downloaded.

In order to generate the download link for your soft goods that you have secured using the secure file system you need to utilize the DNN LinkClick.aspx file processor to serve the file up which makes it possible for you to set the file view permissions to restrict the viewing to just authenticated users or any other selected role. Once you generate the DNN linkclick url just cut and paste the url to the download url field in the Smith Cart product setup screen and your electronic products will be fully protected.

Step by Step Instructions:

From the dnn admin menu - file manager navigate to your portal root and enter a folder name in the "Folders" field
Select the option "Secure - File System" from the folders dropdown list and click the "Add folder" button
Using dnn file manager upload or copy your downloadable product files to your new secure folder you just created
Go to any dnn page and from an html module click the hyperlink icon from the rich text editor and create a file system link to the file in your secure folder.
DNN will create a secure linkclick url
Copy and paste the link click url to your clipboard or notepad
Go to the Smith Cart product setup screen for your downloadable product that you want to secure
Paste the linkclick generated in step 6 in front of the full url to your portal root. It should look something like this:

http://www.yourdomain.com/Portals/[yourPortalRoot]/Products/LinkClick.aspx?fileticket=0NI7XZREIeB0%3c&tabid=114

Scott Kelly
Project Manager
DotNetNuke Consulting, DotNetNuke Store and DNN Ecommerce

8/15/2010 11:06 PM

John Sheridan

Joined: 7/8/2010

Posts: 8

Re: Downloadable products and URL security Modified By John Sheridan on 8/15/2010 11:08:05 PM

Many thanks for your hint.

I could not reproduce step no. 4.

In DNN (Version 5.4.4) the link button has only the option to insert document links.

And the document manager shows the secured path but not the secured file.

My suggestion is: Why do you not offer this as feature in a new cart version?

I think this steps could be done through code?

I could do this steps, but could my customer do this, if he inserted his product?

Another suggestion is: if you buy the cart and the gatekeeper to secure files, you should get a special price.

Many thanks in advance

Page 1 of 1

Home

Product Discus...

SmithCart

Downloadable products and URL security

You have no items in your shopping cart.

You have 1 item in your shopping cart.

{{multiCartItemsStr.replace('[COUNT]', minicart.cartList.length)}}

Item(s): {{minicart.countCart().Number | number : 2}}

Questions? Contact us for answers!

Services

DNN Modules

Support

Contact Us