Re: Securing documents
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 02/28/05
- Next message: David Wang [Msft]: "Re: how do i turn off the Logon to my local host 127.0.0.1?"
- Previous message: Thomas Stensitzki: "Server.CreateObject fails on W2K3 IIS6"
- In reply to: Luke Bellamy: "Securing documents"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Feb 2005 04:25:26 -0800
If you use built-in Windows Authentication and NT user accounts, this
automatically works for free and integrated with everything else.
But since you want to use non-Windows user accounts, it means that you will
have to essentially re-build the entire authentication/authorization
framework -- either by yourself or by purchasing/using another product.
ISAPI Filter (or ISAPI Extension on IIS6 analogous to the CustomAuth sample
code from the free public IIS Platform SDK) is the only way to do this on
IIS. Joe has pointed out one such ISAPI Filter sold for this purpose.
-- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Luke Bellamy" <Luke@CashWhiz.com.au> wrote in message news:OCmhxVIHFHA.3612@TK2MSFTNGP09.phx.gbl... Hi - I'm using IIS and ASP. I would like the ability for users that are logged in to upload a document (doc, pdf, xls, etc) and then assign another user account through my web pages so they can login and view these documents. The only problem is that when I upload these documents to my web site I cannot secure them enough. Outside users could hack the URL and get access to the documents. Options I am considering at the moment include streaming the file from a secure area or from the database straight to the client and they download it. But would really prefer they view then through IE (I say that because really hoping to use Access SNP files and use the ActiveX control to view them). But to do that I have to make the document accessible via HTTP thus in a public area. Another option is I could simply copy the file currently requested into a temp session area that is removed after the session_onend. But obviously there is still a security hole. Trying to avoid Windows NT account security to folders as that mean I would constantly have to maintain accounts at users request. Prefer to allow users through my web pages control access to documents. Any comments or suggestions are greatly appreciated. Thankyou, Luke Bellamy Newcastle, Australia
- Next message: David Wang [Msft]: "Re: how do i turn off the Logon to my local host 127.0.0.1?"
- Previous message: Thomas Stensitzki: "Server.CreateObject fails on W2K3 IIS6"
- In reply to: Luke Bellamy: "Securing documents"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
