Permissions on folders

Hi all,

I'm not sure if this question goes in this section or not, but here goes.

I have a Login that checks an Access database for the user, and then if a valid user, directs them to a page that pulls any reports that are located in their specific folder. For example, http://www.somewebsite.com/Members/10/SomeFile.pdf. While the only reports pulled are those located in their directory, I realized that there is nothing in place that keeps someone from changing the subfolder "10" to another number and being able to get someone else's report.

Is there a way to set permissions on each folder without having to require the user to go through Windows login, as well as the webpage login? Hopefully this makes sense.
Thanks in advance for your help!

Kellie

Well, you can have each website check to make sure the session is valid before displaying the page... this can be difficult depending on your level of farmiliarity wiht scripting and the tools you are using. As fo just in IIS, no, not really. To make sure that not just anyone can see all your files though, turn off directory browsing... btw, I think you should have posted this one in the IIS forum.

You can of course just force them to use windows authentication, or setup a username and password for each folder (on the server go to DRIVELETTER:\WINNT\System32\Inetsrv\inetmgr.exe
then you find the folder your serving that your interested in, right click on it in the left pane, select properties
Go to the Directory serurity tab, annoynmous access and authentication control and hit edit. From there you should be able to figure it out.

For what you seem to be trying to do though, I would probably just setup an SSH server and put scripts which start them out in the right directory, and give them no access to the others. then they just need to use their windows logins and it's secure. Although some might find it a bit harder to use.

Good luck,

-mwalts