|
|||||||||
|
|||||||||
|
|||||||||
 |
|||||||||
| |
||
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
|
|||||||||
| |
||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
ASP Free Forums Sponsor:
|
|
|
|
#1
June 3rd, 2004, 08:16 AM
|
|||
|
|||
|
A question
If i wanted to protect the part of my web content (working with IIS) and i'd like to avoid stuff like system users or to set NTFS access for the folder i want to protect, what do i need to do?
|
|
#2
June 3rd, 2004, 10:53 PM
|
|||
|
|||
|
You can try some authentication package like authentix, I guess, or write some asp authentication code yourself. But to protect images, doc files and other non-asp files from direct access you'll need to prevent anonymous browsers from accessing these files, and the only way I know is to use windows authentication.
__________________
====== Doug G ====== I didn't attend the funeral, but I sent a nice letter saying I approved of it. --Mark Twain
|
|
#3
June 7th, 2004, 10:04 AM
|
||||
|
||||
|
You could write a page that retrieves the desired content, and checks to see if they are authenticated first.
For example: Put your content in a secured folder. Make your links in the form GET_CONTENT.ASP?doc=whatever.html The GET_CONTENT.ASP checks the querystring for the desired document, verifies the person is "authorized" by using whatever means you choose, then uses the File Scripting object to read the file from the secured folder and deliver it to the browser.
|
|
#4
June 9th, 2004, 08:56 AM
|
|||
|
|||
|
all right but...
But Doug, with windows authentication i have to open user accounts on my windows, which means i'm gonna have to let users enter my server, which i don't really like...
 And kbogart, programming a script like that would i guess take me some time, which i don't really have, and if i did do the script i would have to update it from time to time... i really need something to get me the job done... Gonna have to check out a bit more...gotta try harder thanks guys anyway
|
|
#5
June 9th, 2004, 09:30 AM
|
||||
|
||||
|
Actually, creating a GET_CONTENT.ASP file is quite simple.
Try something like this... <% 'Authenticate your user and set a session variable of UserLoginOK to True contentpath = "d:\inetpub\uclroot\misc testing\" fileContent = rfile(contentpath & request.querystring("doc")) if not session("userloginOK") then select case right(request.querystring("doc"),3) case "htm", "html", "txt" Response.write fileContent end select else response.write "Not authorized..." end if response.end 'The rfile() function reads a file and returns a string variable with the contents of the file Public Function rfile( filename ) Set Sys = Server.CreateObject( "Scripting.FileSystemObject" ) If Sys.FileExists( filename ) Then Set Txt = Sys.OpenTextFile( filename, 1 ) msg = Txt.ReadAll Txt.Close Else msg = "FAIL: File does not exist." End If Set Sys = Nothing rfile = msg End Function %> If your content is straight HTML, this should work fine. If you have binary content like PDF and image files, you would need to adapt it to write headers for PDFs, images, etc with additional case entries.
|
|
#6
June 10th, 2004, 08:02 AM
|
|||
|
|||
|
something smart enough
Well actually the problem is that i may actually have more then only HTML on my server... :I may happen that i have dunno how many types of files on it... The protection that you suggested is od header level... i want not only file, but directory protection also with iusernames and passwords... think that i'm gonna sniff arround a bit more, maybe see one of those packages... and let you know if i found something smart enough...
|
|
#7
June 14th, 2004, 06:05 AM
|
|||
|
|||
|
not bad...
I've been sniffing arround a bit... And i foud a package.. dunno if you've met it before... it's called IISPassword.. and it is made EXACTLY for what i needed to do...
I got everything on a plate, without win authentication or scripting.. not bad... not bad at all.... If you ever needed a thing that i was in need for, check out this one http://www.troxo.com/products/iispassword/
|
|
| Viewing: ASP Free Forums > System Administration > Microsoft IIS > A question |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
|
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
