This is some super old code but I used it recently and figured I’d archive it on this site for my future reference. The sample code below aims to allow authenticated users to download files which are not available via direct download (ie. files within the web root). The script accomplishes this by doing the following:
1. Checks to see if the user is logged in (your method may vary)
2. Sets the root directory location
3. Checks to see if the file exists, if so…
4. Retrieves the filesize and adds the appropriate HTTP headers including content disposition, filename, content type and filesize.
5. Uses a binary stream to “push” the download
Save this file as download.asp and call it with the filename in the querystring. Example: http://domain.com/downloads/download.asp?filename=myfile.pdf. Also, be sure to give read permissions to IUSR_SvrName to the root directory. Change the authentication requirements as needed:
If session("loggedIn") = True Then
strFilePath = "D:\webfiles\downloads" & request.querystring("filename")
Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(strFilePath) Then
Set objFile = objFSO.GetFile(strFilePath)
intFileSize = objFile.Size
Set objFile = Nothing
strFileName = request.querystring("filename")
strFileName = replace(request.querystring("filename")," ","-")
Response.AddHeader "Content-Disposition","attachment; filename=" & strFileName
Response.ContentType = "application/x-msdownload"
Response.AddHeader "Content-Length", intFileSize
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Type = 1 'adTypeBinary
Do While Not objStream.EOS And Response.IsClientConnected
Set objStream = Nothing
Response.write "Error finding file."
Set objFSO = Nothing
Note: Even if the file is a PDF and a third-party application such as Adobe Reader is set to open the file within the browser, the code below will override that and force a download (by using the “application/x-msdownload” content type).
[The UPDATE below is no longer accurate as an alternative solution has been given below in the comments and subsequently, was added to the code (Thanks a bunch, David!). I wanted to leave it for Googlers looking for a solution, however]
UPDATE: Someone wrote to let me know that they were encountering the error “Response Buffer Limit Exceeded“. As it turns out, IIS 6’s ASPBufferingLimit is set to a measly 4MB (4194304 bits) so any file over 4MB would produce this error. To fix this issue, you will have to have access to IIS either via the command line or the MMC. Here’s how to change the buffering limit via the command line:
************ NOTE: An easier solution is to use the updated Do While/Flush procedure given in the code *****************
cscript adsutil.vbs set /w3svc/aspbufferinglimit 4294967295
That’s a buffering limit of more than 4 Gigabytes. Personally, I’d lop off the last digit and make that number closer to 430MB. Running that script worked immediately on my test machine, even though I do not have “Enable Direct Metabase Edit” checked in IIS’ Properties. If it doesn’t work for you, restart IIS and see if it works.