Solved

Redirect to a password protected directory using response.redirect

Posted on 2003-10-22
Last Modified: 2008-01-09
Hi Everyone,

How can I redirect a user to a password-protected IIS5 (basic authentication) file/folder using something like response.redirect ("Http://username:password@your.url.com/file.mid")?
I am trying to do this, but it looks like ASP doesn't like the idea of putting sensitive user info in the URL, but I guess it is the only way to do what I need to do.
The basic idea is to hide the final URL, but the files will be hosted on another server. Anyway, the cellphone doesn't like the idea of server.transfer even with the proper MIME types set, which is why I am trying the response.redirect with the username and password included.

Do you know how I can do this?

Thanks a lot!
0
Question by:morcilla
 
LVL 29

Accepted Solution

by:
Göran Andersson earned 125 total points
ID: 9605655
A Response.Redirect does not at all hide the final URL. Check this:
http://www.experts-exchange.com/Web/Web_Languages/ASP/Q_20774244.html

You can only do Server.Transfer to ASP files, not any other type of files.

To disclose the location of the file, you have to use an ADODB.Stream object to read the file and write it to the response stream. Exactly what you tried to do with Server.Transfer.
0
 

Author Comment

by:morcilla
ID: 9607445

Thanks GreenGhost for the answer, but how can I do the ADODB.Stream if the binary file (MIDI) is located on another server?

And the weird thing is that I made a server.transfer to a MIDI file, I just put the correct MIME type, and it worked on the PC but not on the cell phone, so I guess it is because of the extension of the file. Anyway, I tried that with the MIDI located on the same server, and I guess server.transfer doesn't work for files located on other servers.

I guess that hiding the URL is not the most important thing, since the user will download the file on the cell phone and looking at the URL is kinda complicated there.

What do you think? How can I do this?

Thanks!
0
 
LVL 29

Expert Comment

by:Göran Andersson
ID: 9607748
To read a file from a different server, you need to have a shared directory on the other server, that is set up so that the IUSR account on the first server can access it. You might have to use a domain controlled user account for anonymous access instead of the standard IUSR account to get this to work.

If you make a Server.Transfer to a file that is not an ASP file, it will still be executed as an ASP file. With some files this will work anyway, but some files will produce errors when ASP tries to execute them.

You can only do a Server.Transfer to a file on the same server anyway.

Does the other server have ASP capabilities? Can you put an ASP file there, that will open the correct file with ADODB.Stream and write it out? Then you could link to that file instead.

If you can use ADODB.Stream to write the files out, the files don't even have to be available via the internet. You can place them outside the wwwroot file tree so that they are only available through the ASP file.
0
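The approach described in the comment above, as an added example that is not part of the original thread: a classic ASP page that streams a file kept outside the web root with ADODB.Stream. The folder path, the id-to-file table and the Session("User") login flag are assumptions made for illustration.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
Response.Buffer = True

Const adTypeBinary = 1
' Assumed storage folder outside wwwroot (hypothetical path).
Const BASE_DIR = "D:\media\ringtones\"

Dim files, id, path, fso, stream

' Assumption: the login page sets Session("User") after a successful login.
If Session("User") = "" Then
    Response.Status = "403 Forbidden"
    Response.End
End If

' Allow-list: the request carries an opaque id, never a file name or path,
' so nothing the client sends is concatenated into the path on disk.
Set files = Server.CreateObject("Scripting.Dictionary")
files.Add "1001", "tune-a.mid"   ' constructed sample entries
files.Add "1002", "tune-b.mid"

id = Trim(Request.QueryString("id"))
If Not files.Exists(id) Then
    Response.Status = "404 Not Found"
    Response.End
End If

path = BASE_DIR & files(id)
Set fso = Server.CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(path) Then
    Response.Status = "404 Not Found"
    Response.End
End If

' Read the file as binary and write it to the response stream.
Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = adTypeBinary
stream.Open
stream.LoadFromFile path

Response.Clear
Response.ContentType = "audio/midi"
' Gives the client a .mid file name even though the URL ends in .asp.
Response.AddHeader "Content-Disposition", "attachment; filename=""" & files(id) & """"
Response.BinaryWrite stream.Read
stream.Close
%>
```

With this in place no credentials appear in any URL, and the only way to reach the files is through the page's own access check.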
 
LVL 2

Expert Comment

by:AshleighGreen
ID: 9624708
Hey,

A simple (slightly insecure, but more secure than having the password in the URL) way of doing it is to use the session state.

To use the session state you need to enable it in the web.config file:

<configuration>
    <system.web>
            <sessionState cookieless="true" timeout="15"/>
    </system.web>
</configuration>

cookieless can be set to false if you prefer.

When you authenticate the user you could then say
Session["User"]=txtBoxUserName.Text; //or something to that effect

Then you can set permissions to the folder in the web.config file so only certain users can access it:

      <location path="members">
            <system.web>
                  <authorization>
                        <allow users="Administrator, Fred, David" />
                        <deny users="*" />
                  </authorization>
            </system.web>
      </location>

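? - guest, so alternatively, if you want every registered user to be allowed access, you could say

      <location path="members">
            <system.web>
                  <authorization>
                        <!-- Rules are evaluated top to bottom and the first match wins,
                             so the deny for anonymous users (?) must come before allow *. -->
                        <deny users="?" />
                        <allow users="*" />
                  </authorization>
            </system.web>
      </location>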

From this to more secure forms of authentication you just need to implement forms authentication and place users in roles, but from the sound of it that's more complex than you'd like to get.

NOTE: web.config HAS to be in the root of your application. (You can have versions of it not in the root, but I generally find it less confusing to put it in the root only.)

In the example, members is the restricted folder.

So the address for the members folder would be www.youraddress.com/members/

You can also restrict files.

If a user attempts to access a page they don't have access to, they get redirected to Login.aspx in your root directory.

I hope this helps
-Ashleigh
0
