Create Digital Goods Download Link for Distribution
Rank: Member
Groups: Authorized User, Developers Joined: 11/13/2018(UTC) Posts: 23
Thanks: 16 times Was thanked: 1 time(s) in 1 post(s)
We are having to revisit this issue as we are losing resellers because they are unable to generate a download link to send to their clients without needing a login. The old store AC7 used to do this but not the new one. The resellers are not allowed to download the zip files to their computers to send to their clients, so we need to be able to have this feature reenabled. Any ideas?
Rank: Advanced Member
Groups: Admin, Administrators, Developers, Registered, HelpDesk, Authorized User Joined: 7/31/2019(UTC) Posts: 77
Was thanked: 8 time(s) in 8 post(s)
Hi,
I am going to look into AC7 and will reply to you after that.
Thanks.
Rank: Advanced Member
Groups: Admin, Administrators, Developers, Registered, HelpDesk, Authorized User Joined: 7/31/2019(UTC) Posts: 77
Was thanked: 8 time(s) in 8 post(s)
Hi,
I checked the AC7 implementation and figured that a login is always required to download the digital goods. I am not sure, but I think it might be a custom feature? If you want to generate some custom download link for distribution (without requiring an account login), there is no out-of-the-box way in AC9.
Thanks,
Edited by moderator Thursday, September 10, 2020 3:51:13 PM(UTC) | Reason: remove conflicting statement
Rank: Member
Groups: Authorized User, Developers Joined: 11/13/2018(UTC) Posts: 23
Thanks: 16 times Was thanked: 1 time(s) in 1 post(s)
I'm not aware of it being custom, but it would appear on the final receipt as you can see on the screenshot below:
Rank: Advanced Member
Groups: Admin, Administrators, Developers, Registered, HelpDesk, Authorized User Joined: 7/31/2019(UTC) Posts: 77
Was thanked: 8 time(s) in 8 post(s)
It's not the custom link, it's the default download link.
What version of AC7 were you using? I tested it with AC707 but it required a login to access this.
Actually, without security (login or some security token) anyone can guess your links and download your digital goods without actually purchasing those.
Thanks,
Rank: Member
Groups: Authorized User, Developers Joined: 11/13/2018(UTC) Posts: 23
Thanks: 16 times Was thanked: 1 time(s) in 1 post(s)
7.0.0 we were really "old school" til now...
Rank: Advanced Member
Groups: Admin, Administrators, Developers, Registered, HelpDesk, Authorized User Joined: 7/31/2019(UTC) Posts: 77
Was thanked: 8 time(s) in 8 post(s)
7.0.0 is really old, and allowing access to downloads without any security is not a recommended approach, so it was fixed in later versions. Though I do not recommend that, I can point you to the related code blocks and you can disable the authorization checks:
Code file: /Code/DownloadHandler.cs
We are validating the user access at two locations in the above file:
Line # 43
Code:
    if (hasAccess)
    {
        DownloadHelper.SendFileDataToClient(context, digitalGood);
    }
    else Response.Write("You are not authorized to download the requested file.");
Line # 67
Code:
    if (AbleContext.Current.UserId == order.User.Id)
    {
        ....
        ....
        ....
    }
    else
    {
        Response.Write("You are not authorized to download the requested file.");
    }
You can disable these checks and recompile the website project. After that, your order digital-goods downloads will be accessible to everyone having a link.
Thanks.
Rank: Member
Groups: Authorized User, Developers Joined: 11/13/2018(UTC) Posts: 23
Thanks: 16 times Was thanked: 1 time(s) in 1 post(s)
Thank you, I understand that it's not the best plan security-wise, but we need a workaround for our resellers.
Rank: Advanced Member
Groups: Admin, Administrators, Developers, Registered, HelpDesk, Authorized User Joined: 7/31/2019(UTC) Posts: 77
Was thanked: 8 time(s) in 8 post(s)
A better approach is to use a security token in the URL query string.
The security token may contain information about the order Id and user id the digital good is associated with, in some encrypted format. The token information can be used for validation while downloading. This way it will not require a login, but it will not be possible to guess the digital good URLs only by changing the id value.
Thanks.
Rank: Member
Groups: Authorized User, Developers Joined: 11/13/2018(UTC) Posts: 23
Thanks: 16 times Was thanked: 1 time(s) in 1 post(s)
How would we do that? My skills with Visual Studio and coding are beginner at best.
Rank: Advanced Member
Groups: Admin, Administrators, Developers, Registered, HelpDesk, Authorized User Joined: 7/31/2019(UTC) Posts: 77
Was thanked: 8 time(s) in 8 post(s)
Hi,
Here is a simple approach:
When generating a link, we should calculate a security token based on "digital good id + order id + user id" information, and encrypt the data. This security token can be appended to the download URL, for example:
https://www.teststore.com/download.ashx?Id=233&token=DF343JLJ343JL==
Now at the download page we can authenticate that the URL is valid by recalculating the security token for the digital good and comparing it with the provided token. If the token matches, it means the URL is valid, as it contains correct information about the order id and user id. So allow the download; otherwise deny the access.
I suggest getting a developer's assistance to implement it. It may take a couple of hours.
Thanks.
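Added example, not part of the thread and not AbleCommerce code: one way to build the token described in the last reply, written in C# because DownloadHandler.cs is C#. It signs the ids with HMAC-SHA256 instead of encrypting them and goes beyond the post by adding an expiry time. The class DownloadToken, its method names and the key handling are hypothetical, and the handler is assumed to load the order id and user id for the requested Id from its own records.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added example; DownloadToken and its members are hypothetical, not AbleCommerce APIs.
public static class DownloadToken
{
    // Returns "expiry.signature" for one digital good / order / user combination.
    public static string Create(byte[] key, int goodId, int orderId, int userId, DateTime expiresUtc)
    {
        long expiry = ToUnix(expiresUtc);
        return expiry + "." + Sign(key, goodId, orderId, userId, expiry);
    }

    // orderId and userId must come from the server's record for the requested Id, never from the URL.
    public static bool Validate(byte[] key, string token, int goodId, int orderId, int userId, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(token)) return false;
        string[] parts = token.Split('.');
        long expiry;
        if (parts.Length != 2 || !long.TryParse(parts[0], out expiry)) return false;
        if (ToUnix(nowUtc) > expiry) return false; // link has expired
        return FixedTimeEquals(Sign(key, goodId, orderId, userId, expiry), parts[1]);
    }

    private static string Sign(byte[] key, int goodId, int orderId, int userId, long expiry)
    {
        // Separators keep ("1","23") and ("12","3") from producing the same message.
        string message = goodId + "|" + orderId + "|" + userId + "|" + expiry;
        using (var hmac = new HMACSHA256(key))
        {
            byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
            // URL-safe base64, so the token needs no escaping in the query string.
            return Convert.ToBase64String(mac).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        }
    }
    private static long ToUnix(DateTime utc)
    {
        return (long)(utc - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
    }

    // Compares every character instead of stopping at the first mismatch.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The key stays on the server and should be at least 32 random bytes; replacing it invalidates every link already sent out.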