asked on

Folder security on NT server

I need to secure PDF files on an external ASP hosting service. I cannot create a domain user for everyone requiring access to the secure folder. I understand on unix servers a HTACCESS file can be created to maintain a list of vaild users for a directory.

How can I provide similar security on an NT box? Surely there must be a solution.. I have attempted to stream the .PDF file to the browser, using ASP - while this works it is extremely slow?

AlfaNoMore

NTFS permissions are the only way. You could have some kind of file_index.asp page, that someone would have to navigate through, and this would ask for there username + password, but if someone accesses one of your files directly, there's nothing you can do.

AlfaNoMore

Surely all your "users" are going to be the Internet Guest Account (IUSR_Computername) anyway, aren't they?

Even if you had an HTACCESS file, you wouldn't know who this particular user was? Unless there's something you're not telling us?

ajosephson

ASKER

Yes, this is what I've been doing, but as you say the user can still enter the explicit url.. AJ

ajosephson

ASKER

Correct me if I?m wrong, my vague understanding of how .HTACCES works is the file maintains a list of valid usernames/passwords for a folder, if the current session is not valid for that folder a login box is displayed? (so IUSR_Computername irrelevant )?

AlfaNoMore

That's not how NTFS works though.

In NT, choose the properties of your folder you want security on. Select Security/Permissions, and remove the IUSR_ account. Now add the users that have access to this folder.

Inside IIS, you'd have to remove ananamous (eek!, can't spell) access, and ask the system to authenticate.

This will pop that little username + password box up.

BUT, you said your ISP won't let you do this, so it's no good. the .HTACCESS is exactly the same as NTFS, just using a slightly different way to administer the accounts.

abesoft

It sounds like you want to use a "custom authentication scheme" via an ISAPI filter. The way this works is that you use NTFS file locking to secure the target files from anonymous access. When the user attempts to access them, IIS will try to authenticate them, using one of its built-in mechanisms. Your filter can then intercept their login request (which is a userid/password) and can verify those against your own user database.) If they match, you secretly log the user in under a different account ("AuthenticatedUser") along with that account's password, and the user can then access the files under that account's priviledges.

If you need more detailed help (or an ISAPI expert who can do this thing for you) then please let me know. girard@cgocable.net

Hope this helps!

ajosephson

ASKER

Thanks for the info? Could a third party **easily** develop the necessary code/.dll to do this? Also would a hosting provider typically be willing to install the ISAP filter dll, and modify the NT Registry etcetera? What else would they need to do?

I appreciate your help..

AJ

ASKER CERTIFIED SOLUTION

abesoft

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Netminder

Moondancer

ajosphson stated in another open/old question that satisfactory results weren't obtained in all of the above questions and would like to receive a refund and PAQ/close it. Any objections, or anything further you'd like to add to try and complete this collaboration effort?

Thanks,

Moondancer
Community Support Moderator @ Experts Exchange

ajosephson

ASKER

Thank you..

Moondancer

Thank you for returning and finalizing this.
Moondancer
Community Support Moderator @ Experts Exchange