| Author |
Secure web files in ASP
|
|
|
| hey ppl
i have a bit of a dilema. I need to secure some files so only people with access can download them. The site is hosted with an ISP and there is a database directory without http access. But how could i stop anyone accessing some files (e.g typing the path in a browser).
The other information pages and links are all secure using session logins, but this doesn't solve the problem of keeping files (xls, ppt,etc)secure.
Can anyone help? I am reallllyyy desperate! | |
| wccalvin 2001-12-07, 8:00 am |
| There might be one possible solution. You may use 2 pages. The first page should be one one independent browser without navigation bar and menu bar. This browser will submit or link to the second page. The second page is the key page which determine whether the files could be downloaded. You can check the user information from session or cookie. Whatever your criteria will be. Hope this may help.
Calvin | |
|
| people can still type the url in though and directly access the files. I already have the site protected using logins and session variables, but the actual files can still be accessed directly because they are not web files and I can't write ASP into them to not allow people in without the session variable.
I think it might be pretty much impossible on an external web host who wont setup NT directoy access for you. | |
| wccalvin 2001-12-07, 7:31 pm |
| I think the reasons I used 2 ASP pages to redirect the download is that nobody can see the URL for download. And that's why you use the 2nd page to direct the download process. Besides, in the 2nd page, there is one way to check out the access right. But of course, you need to setup your access control system. It's really hard to explain it just in word. Keep thinking about it. I don't think there is any problem cannot be solved in the world. | |
| gauravgoyalus 2001-12-07, 10:57 pm |
| You can ask for user log-in and password befor showing the actual page. | |
|
| I know they wouldn't be able to see the URL, but the files are very sensitive and my client doesn't want to take any chances. H has just changed hosts, and they will setup directory access permissions for us through NT. I'm going to have the users login and give them a generic u/n and p/w to access that directory..........
thanx anyway guyz | |
| mcp_mcse 2001-12-09, 12:57 am |
| DId u try using password directories ??
Whenever a user tries to get beneath a folder, a window pops up like the adult sites do. This window can otherwise be avoided using asp codes.
Luv n Luck
Jack |
|
|
|