Re: Allow file download only to subscribers
From: Paul Lynch (paul.lynch_at_nospam.com)
Date: 01/14/04
- Next message: Paul Lynch: "Re: IIS 5.1 (XP Pro) XML Security Issue"
- Previous message: Tester: "Re: Is it possible to force IIS to accept any client ssl certificate?"
- In reply to: John Kotuby: "Allow file download only to subscribers"
- Next in thread: Tom Kaminski [MVP]: "Re: Allow file download only to subscribers"
- Reply: Tom Kaminski [MVP]: "Re: Allow file download only to subscribers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 14 Jan 2004 13:15:56 +0000
On Wed, 14 Jan 2004 06:49:42 -0500, "John Kotuby"
<johnk@powerlist.com> wrote:
>I have created a site with ASP (Active Server Pages). That requires a login
>validated by an Access database. There is a file that I wish to be
>accessible for download only by registered subscribers. All my ASP pages
>check for the Userid/Password variables that I have set up, so a
>non-subscriber gets bumped back to the login if they try to navigate
>directly to a page other than the login. A subscriber with download rights
>sees a link on their page to the file. However, if a non-subscriber enters
>the exact path to the file, it gets downloaded anyway. I once tried a method
>that forces an FTP from the server, but some subscribers complained that
>they could not receive the file (firewall maybe?). How can I secure that
>file? I'm sure there is a simple way, but I haven't found it yet. Thanks for
>your help.
>
IIS has its own very powerful and flexible security model which you
can leverage to protect your web content. Using both IIS and
underlying NTFS permissions you can effectively lock down any content
on your server.
Read these KB articles :
HOW TO: Use NTFS Security to Protect a Web Page Running on IIS 4.0 or
5.0
http://support.microsoft.com/?id=299970
HOW TO: Configure Web Server Permissions for Web Content in IIS
http://support.microsoft.com/?id=313075
Or you can 'roll your own' :
How do I control access to an area?
http://www.aspfaq.com/show.asp?id=2114
Regards,
Paul Lynch
MCSE
- Next message: Paul Lynch: "Re: IIS 5.1 (XP Pro) XML Security Issue"
- Previous message: Tester: "Re: Is it possible to force IIS to accept any client ssl certificate?"
- In reply to: John Kotuby: "Allow file download only to subscribers"
- Next in thread: Tom Kaminski [MVP]: "Re: Allow file download only to subscribers"
- Reply: Tom Kaminski [MVP]: "Re: Allow file download only to subscribers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
