Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Require User Id and Password for a Web Directory and All of It's Resources Contained

Posted on 2003-12-08
3
158 Views
Last Modified: 2010-04-06
Greetings;

My client wishes to restrict any resource within a specific web directory. This directory contains .aspx, .txt and .pdf files. By using forms authentication and requesting the user id and password from the viewer I can easily compare this to a data store and using FormsAuthentication.RedirectFromLoginPage present the requested page to the viewer having approved their credentials.

However, this method is not working when the viewer brings up their browser and types in (or uses a bookmark) for the .pdf file in the same directory. No login page is presented. The PDF file is presented immediately to them. The same with .txt and even .htm files. The only resource protected, it seems, using forms authentication in this way are .aspx file (and perhaps other .NET suffixed files).

Is there a way to have the login page presented and credentials validated when any resource in the specific directory is accessed?


Much thanks.


Dave Stolzenbach
0
Comment
Question by:David Bach
3 Comments
 
LVL 1

Accepted Solution

by:
avin_ashinc earned 500 total points
ID: 9992327
My Friend,

This reminds of a hard time i had a few months back :-)
You can go in for CGI tools like "livelink" which can provide security (even different levels). Livelink provides security to all types of documents.

But if u are a poor guy like me :-) try using this way around.

The idea here is not giving out the path of the PDFs. Put the documents into a folder with a wierd name (say xyz_123).

On the link of the PDF file, post the name of the PDF file to an ASP page with the code as runs below. The binary write prevents the user to know the exact path of the file. Hope this helps.

Mail me if u need the content type for other docs.

<%
strFile="xyz_123\" & trim(Request.Form("filename"))
Response.contenttype="application/pdf iirc"
Response.AddHeader "content-Disposition",  "inline;filename=PDF"
Response.BinaryWrite getBinaryFile(server.mappath(strFile))

 function getBinaryFile(fileSpec)
    Dim adTypeBinary
    adTypeBinary = 1
    Dim oStream
    set oStream = server.createobject("ADODB.Stream")
    oStream.Open
    oStream.Type = adTypeBinary
    oStream.LoadFromFile fileSpec
    getBinaryFile= oStream.read
    set oStream=nothing
end function
%>
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is Node.js? Node.js is a server side scripting language much like PHP or ASP but is used to implement the complete package of HTTP webserver and application framework. The difference is that Node.js’s execution engine is asynchronous and event…
Introduction Knockoutjs (Knockout) is a JavaScript framework (Model View ViewModel or MVVM framework).   The main ideology behind Knockout is to control from JavaScript how a page looks whilst creating an engaging user experience in the least …
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question