Re: IIS Folder and file security. Impersonation does not work.
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 07/08/04
- Next message: Gavin Wells: "SelfSSL"
- Previous message: David Wang [Msft]: "Re: Windows Authentication problem with IIS6 (Win2k3)"
- In reply to: Razak: "IIS Folder and file security. Impersonation does not work."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 8 Jul 2004 01:07:42 -0700
Please do not multi-post. Answered elsewhere with code sample.
-- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // "Razak" <razak@mmsc.com.my> wrote in message news:Ouhb2LKZEHA.3692@TK2MSFTNGP09.phx.gbl... I'm using WIndows server 2003 with IIS 6.0. My web consists of a folder named 'Files' which I would like to restrict access only to members. The folder contains various types of files such as images (jpg, png, bmp), flash animation (swf), videos (avi, mov), and audios (wav, mp3, aif). What I'm trying to achieve is that members will be alowed to view and download those files in 'Files' folder only through an ASP page since I want to track some statistics. So I have to avoid the files from being leeched or simply opened by typing the url to the file in the address bar. The only way I can think to achieve that is by securing the folder since it is on an NTFS drive. I don't want to create each user a Windows account on the server, instead I created a general user account 'Xuser' which is given the previllege to access the 'File' folder. BTW, the folder is set to allow only Administrators group and Xuser. For each succesfully logged in user will have access to the asp page (which displays the file, or play the movie/animation, so on), by linking to the requested file in the 'Files' folder using Impersonation method I created using VB (as sampled at http://support.microsoft.com/support/kb/articles/q248/1/87.asp ) and on the ASP page is as follows:- <% Dim objLogon Set objLogon = Server.CreateObject("LoginAdmin.ImpersonateUser") objLogon.Logon "Xuser", "1234", "" %> . . . . <IMG Src="files/00001.jpg"> . . . . <% objLogon.Logoff Set objLogon = Nothing %> The problem is, the above impersonation does not work. Everytime I open that page, IE still prompt for user/pwd. I know that the impersonation dll is OK since in other part of the website, I use it to manipulate (modifying/writing) the files in the 'Files' folder which otherwise I'm not allowed to (since 'IUSR_machinename' is not given the privillege at all to access/modify the 'File' folder). And the Impersonation works just fine. It just that it doesn't work when linking from a web page. I opted out locating the secured folder 'File' somewhere outside the web root and stream it using <img src="stream.asp?file=00001.jpg"> because it only works for image files, but doesn't work with shockwave flash, large audio and video files, etc. Hope that someone has done something similar to this to share their knowledge. Thanks.
- Next message: Gavin Wells: "SelfSSL"
- Previous message: David Wang [Msft]: "Re: Windows Authentication problem with IIS6 (Win2k3)"
- In reply to: Razak: "IIS Folder and file security. Impersonation does not work."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
