Re: How do I protect download files being directly accessed through URL info?

From: Paul Lynch (paul.lynch_at_nospam.com)
Date: 05/25/04

Next message: D.P.Das: "unwanted pop-ups under IE browser"
Previous message: Bernard: "Re: FTP Welcome Message Date/Time"
In reply to: David Wang [Msft]: "Re: How do I protect download files being directly accessed through URL info?"
Next in thread: David Wang [Msft]: "Re: How do I protect download files being directly accessed through URL info?"
Reply: David Wang [Msft]: "Re: How do I protect download files being directly accessed through URL info?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 25 May 2004 13:02:10 +0100

On Tue, 25 May 2004 02:06:26 -0700, "David Wang [Msft]"
<someone@online.microsoft.com> wrote:

>FYI: This question actually has nothing to do with IIS.
>
>Since you are using custom authentication and authorization, you are
>responsible for authenticating and authorizing such resource access
>yourself. IIS cannot do it for you since it's your custom scheme.
>
>How people usually do this is to place those download files in some
>directory that is NOT accessible via the web, and then use one authenticated
>ASP page that uses ADO to stream the files from that directory (upon
>successful authentication/authorization) to the browser. Please google for
>the many past responses on this (I can't seem to find the link to code that
>implements this, at the moment).

Is it this ?
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q301464&ID=KB;EN-US;q301464&SD=MSDN

Regards,

Paul Lynch
MCSE

Next message: D.P.Das: "unwanted pop-ups under IE browser"
Previous message: Bernard: "Re: FTP Welcome Message Date/Time"
In reply to: David Wang [Msft]: "Re: How do I protect download files being directly accessed through URL info?"
Next in thread: David Wang [Msft]: "Re: How do I protect download files being directly accessed through URL info?"
Reply: David Wang [Msft]: "Re: How do I protect download files being directly accessed through URL info?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: a WWW-Authenticate header field that the server is not configu
... Thank you for your prompt responses. ... Obviuosly there is a gap in my knowledge how Authentication and Encryption ... I've gone through the IIS documentation but was not ... Enabling SSL on IIS does not require the steps you describe. ...
(microsoft.public.inetserver.iis.security)
Re: Multi-Factor Authentication Concern
... The system that "Bob" has implemented does not reflect multi- factor authentication as it is commonly defined, ... He's a hard-headed guy and responses from security experts on a mailing list won't convince him. ... entry using the credentials of the other two. ... destroys the concept of accountability. ...
(Security-Basics)
RE: Multi-Factor Authentication Concern
... Subject: Multi-Factor Authentication Concern ... I appreciate all of these responses. ... entry using the credentials of the other two. ... destroys the concept of accountability. ...
(Security-Basics)
Re: Learning WSE2.0
... I had posted the same issue on 6/8 but didn't get any responses. ... >> Authentication for a new project and I'm essentially setting up a ...
(microsoft.public.dotnet.framework.webservices.enhancements)
Re: How do I protect download files being directly accessed through URL info?
... IIS cannot do it for you since it's your custom scheme. ... the many past responses on this (I can't seem to find the link to code that ... You may want to look into ASP.Net's Form based authentication or CustomAuth ... I intend to create a page from where the user can download a file (exe, ...
(microsoft.public.inetserver.iis.security)