Solved

Redirect to a password protected directory using response.redirect

Posted on 2003-10-22
Last Modified: 2008-01-09
Hi Everyone,

How can I redirect a user to a password-protected IIS5 (basic authentication) file/folder using something like Response.Redirect("Http://username:password@your.url.com/file.mid")?
I am trying to do this, but it looks like ASP doesn't like the idea of putting sensitive user info in the URL, but I guess it is the only way to do what I need to do.
The basic idea is to hide the final URL, but the files will be hosted on another server. Anyway, the cellphone doesn't like the idea of Server.Transfer even with the proper MIME types set, which is why I am trying Response.Redirect with the username and password included.

Do you know how I can do this?

Thanks a lot!
Question by:morcilla
LVL 29

Accepted Solution

by:
Göran Andersson earned 125 total points
ID: 9605655
A Response.Redirect does not at all hide the final URL. Check this:
http://www.experts-exchange.com/Web/Web_Languages/ASP/Q_20774244.html

You can only do Server.Transfer to ASP files, not any other type of files.

To disclose the location of the file, you have to use an ADODB.Stream object to read the file and write it to the response stream. Exactly what you tried to do with Server.Transfer.
 

Author Comment

by:morcilla
ID: 9607445

Thanks GreenGhost for the answer, but how can I do the ADODB.Stream if the binary file (MIDI) is located on another server?

And the weird thing is that I made a Server.Transfer to a MIDI file, I just put the correct MIME type, and it worked on the PC but not on the cell phone, so I guess it is because of the extension of the file. Anyway, I tried that with the MIDI located on the same server, and I guess Server.Transfer doesn't work for files located on other servers.

I guess that hiding the URL is not the most important thing, since the user will download the file on the cell phone and looking at the URL is kind of complicated there.

What do you think? How can I do this?

Thanks!
 
LVL 29

Expert Comment

by:Göran Andersson
ID: 9607748
To read a file from a different server, you need to have a shared directory on the other server, that is set up so that the IUSR account on the first server can access it. You might have to use a domain controlled user account for anonymous access instead of the standard IUSR account to get this to work.

If you make a Server.Transfer to a file that is not an ASP file, it will still be executed as an ASP file. With some files this will work anyway, but some files will produce errors when ASP tries to execute them.

You can only do a Server.Transfer to a file on the same server anyway.

Does the other server have ASP capabilities? Can you put an ASP file there, that will open the correct file with ADODB.Stream and write it out? Then you could link to that file instead.

If you can use ADODB.Stream to write the files out, the files don't even have to be available via the internet. You can place them outside the wwwroot file tree so that they are only available through the ASP file.
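The ADODB.Stream approach described in the answers above, as an added example that is not part of the original thread: a Classic ASP page that streams a MIDI file kept outside wwwroot, so the client only ever sees this page's URL. The folder `D:\protected-media\` and the `f` query parameter are assumptions chosen for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example: serve a MIDI file stored outside wwwroot through ADODB.Stream.
' MEDIA_ROOT and the "f" query parameter are assumptions, not from the thread.
Const MEDIA_ROOT = "D:\protected-media\"   ' hypothetical folder outside the web root
Const adTypeBinary = 1

Dim fileName, re, fso, fullPath, stm
fileName = Request.QueryString("f")

' Accept only a plain file name such as "ringtone01.mid": no slashes, no "..",
' no drive letters, so a request cannot reach files outside MEDIA_ROOT.
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9_-]{1,64}\.mid$"
re.IgnoreCase = True
If Not re.Test(fileName) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

fullPath = MEDIA_ROOT & fileName
Set fso = Server.CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(fullPath) Then
    Response.Status = "404 Not Found"
    Response.End
End If

' Read the file as binary and write it to the response stream. The real
' location of the file never appears in anything sent to the client.
Set stm = Server.CreateObject("ADODB.Stream")
stm.Type = adTypeBinary
stm.Open
stm.LoadFromFile fullPath
Response.Clear
Response.ContentType = "audio/midi"
Response.AddHeader "Content-Disposition", "attachment; filename=""" & fileName & """"
Response.BinaryWrite stm.Read
stm.Close
Set stm = Nothing
%>
```

The account the ASP page runs under needs read access to the folder, which is the same requirement the answer describes for a shared directory on another server.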
 
LVL 2

Expert Comment

by:AshleighGreen
ID: 9624708
Hey,

A simple (slightly insecure, but more secure than having the password in the URL) way of doing it is to use the session state.

To use the session state you need to enable it in the web.config file:

<configuration>
    <system.web>
            <sessionState cookieless="true" timeout="15"/>
    </system.web>
</configuration>

cookieless can be set to false if you prefer.

When you authenticate the user you could then say
Session["User"]=txtBoxUserName.Text; //or something to that effect

Then you can set permissions to the folder in the web.config file so only certain users can access it:

      <location path="members">
            <system.web>
                  <authorization>
                        <allow users="Administrator, Fred, David" />
                        <deny users="*" />
                  </authorization>
            </system.web>
      </location>

? - guest, so alternatively, if you want every registered user to be allowed access, you could say

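      <location path="members">
            <system.web>
                  <authorization>
                        <!-- rules are checked top-down and the first match wins, so deny guests (?) before allowing everyone else -->
                        <deny users="?" />
                        <allow users="*" />
                  </authorization>
            </system.web>
      </location>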

From this to more secure forms of authentication you just need to implement forms authentication and place users in roles, but from the sound of it that's more complex than you'd like to get.

NOTE web.config HAS to be in the root of your application. (you can have versions of it not in the root, but I generally find it less confusing to put it in the root only).

In the example, members is the restricted folder.

So the address for the members folder would be www.youraddress.com/members/

You can also restrict files.

If a user attempts to access a page they don't have access to, they get redirected to Login.aspx in your root directory.

I hope this helps
-Ashleigh