ajosephson
asked on
Folder security on NT server
I need to secure PDF files on an external ASP hosting service. I cannot create a domain user for everyone requiring access to the secure folder. I understand on unix servers a HTACCESS file can be created to maintain a list of vaild users for a directory.
How can I provide similar security on an NT box? Surely there must be a solution.. I have attempted to stream the .PDF file to the browser, using ASP - while this works it is extremely slow?
How can I provide similar security on an NT box? Surely there must be a solution.. I have attempted to stream the .PDF file to the browser, using ASP - while this works it is extremely slow?
NTFS permissions are the only way. You could have some kind of file_index.asp page, that someone would have to navigate through, and this would ask for there username + password, but if someone accesses one of your files directly, there's nothing you can do.
Surely all your "users" are going to be the Internet Guest Account (IUSR_Computername) anyway, aren't they?
Even if you had an HTACCESS file, you wouldn't know who this particular user was? Unless there's something you're not telling us?
Even if you had an HTACCESS file, you wouldn't know who this particular user was? Unless there's something you're not telling us?
ASKER
Yes, this is what I've been doing, but as you say the user can still enter the explicit url.. AJ
ASKER
Correct me if I?m wrong, my vague understanding of how .HTACCES works is the file maintains a list of valid usernames/passwords for a folder, if the current session is not valid for that folder a login box is displayed? (so IUSR_Computername irrelevant )?
That's not how NTFS works though.
In NT, choose the properties of your folder you want security on. Select Security/Permissions, and remove the IUSR_ account. Now add the users that have access to this folder.
Inside IIS, you'd have to remove ananamous (eek!, can't spell) access, and ask the system to authenticate.
This will pop that little username + password box up.
BUT, you said your ISP won't let you do this, so it's no good. the .HTACCESS is exactly the same as NTFS, just using a slightly different way to administer the accounts.
In NT, choose the properties of your folder you want security on. Select Security/Permissions, and remove the IUSR_ account. Now add the users that have access to this folder.
Inside IIS, you'd have to remove ananamous (eek!, can't spell) access, and ask the system to authenticate.
This will pop that little username + password box up.
BUT, you said your ISP won't let you do this, so it's no good. the .HTACCESS is exactly the same as NTFS, just using a slightly different way to administer the accounts.
It sounds like you want to use a "custom authentication scheme" via an ISAPI filter. The way this works is that you use NTFS file locking to secure the target files from anonymous access. When the user attempts to access them, IIS will try to authenticate them, using one of its built-in mechanisms. Your filter can then intercept their login request (which is a userid/password) and can verify those against your own user database.) If they match, you secretly log the user in under a different account ("AuthenticatedUser") along with that account's password, and the user can then access the files under that account's priviledges.
If you need more detailed help (or an ISAPI expert who can do this thing for you) then please let me know. girard@cgocable.net
Hope this helps!
If you need more detailed help (or an ISAPI expert who can do this thing for you) then please let me know. girard@cgocable.net
Hope this helps!
ASKER
Thanks for the info? Could a third party **easily** develop the necessary code/.dll to do this? Also would a hosting provider typically be willing to install the ISAP filter dll, and modify the NT Registry etcetera? What else would they need to do?
I appreciate your help..
AJ
I appreciate your help..
AJ
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ajosephson,
Some of these questions have been open for some time. Please resolve them appropriately as soon as possible.
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20056728
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20066170 (locked)
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20094993
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20155903
https://www.experts-exchange.com/jsp/qShow.jsp?qid=11866699
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20158889
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20178767
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20179790
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20186684
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20229069
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20241406
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20249663
Thanks,
Netminder
Community Support Moderator
Experts Exchange
Some of these questions have been open for some time. Please resolve them appropriately as soon as possible.
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20056728
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20066170 (locked)
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20094993
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20155903
https://www.experts-exchange.com/jsp/qShow.jsp?qid=11866699
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20158889
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20178767
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20179790
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20186684
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20229069
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20241406
https://www.experts-exchange.com/jsp/qShow.jsp?qid=20249663
Thanks,
Netminder
Community Support Moderator
Experts Exchange
ajosphson stated in another open/old question that satisfactory results weren't obtained in all of the above questions and would like to receive a refund and PAQ/close it. Any objections, or anything further you'd like to add to try and complete this collaboration effort?
Thanks,
Moondancer
Community Support Moderator @ Experts Exchange
Thanks,
Moondancer
Community Support Moderator @ Experts Exchange
ASKER
Thank you..
Thank you for returning and finalizing this.
Moondancer
Community Support Moderator @ Experts Exchange
Moondancer
Community Support Moderator @ Experts Exchange