Solved

Require User Id and Password for a Web Directory and All of It's Resources Contained

Posted on 2003-12-08
3
155 Views
Last Modified: 2010-04-06
Greetings;

My client wishes to restrict any resource within a specific web directory. This directory contains .aspx, .txt and .pdf files. By using forms authentication and requesting the user id and password from the viewer I can easily compare this to a data store and using FormsAuthentication.RedirectFromLoginPage present the requested page to the viewer having approved their credentials.

However, this method is not working when the viewer brings up their browser and types in (or uses a bookmark) for the .pdf file in the same directory. No login page is presented. The PDF file is presented immediately to them. The same with .txt and even .htm files. The only resource protected, it seems, using forms authentication in this way are .aspx file (and perhaps other .NET suffixed files).

Is there a way to have the login page presented and credentials validated when any resource in the specific directory is accessed?


Much thanks.


Dave Stolzenbach
0
Comment
Question by:David Bach
3 Comments
 
LVL 1

Accepted Solution

by:
avin_ashinc earned 500 total points
ID: 9992327
My Friend,

This reminds of a hard time i had a few months back :-)
You can go in for CGI tools like "livelink" which can provide security (even different levels). Livelink provides security to all types of documents.

But if u are a poor guy like me :-) try using this way around.

The idea here is not giving out the path of the PDFs. Put the documents into a folder with a wierd name (say xyz_123).

On the link of the PDF file, post the name of the PDF file to an ASP page with the code as runs below. The binary write prevents the user to know the exact path of the file. Hope this helps.

Mail me if u need the content type for other docs.

<%
strFile="xyz_123\" & trim(Request.Form("filename"))
Response.contenttype="application/pdf iirc"
Response.AddHeader "content-Disposition",  "inline;filename=PDF"
Response.BinaryWrite getBinaryFile(server.mappath(strFile))

 function getBinaryFile(fileSpec)
    Dim adTypeBinary
    adTypeBinary = 1
    Dim oStream
    set oStream = server.createobject("ADODB.Stream")
    oStream.Open
    oStream.Type = adTypeBinary
    oStream.LoadFromFile fileSpec
    getBinaryFile= oStream.read
    set oStream=nothing
end function
%>
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It's sometimes a bit tricky to use date functions in Oracle BPEL. I'll explain quickly how you can add N days to the current date. In a BPEL process this can be useful, and you can adapt it to fit your needs. First of all, let's see how to add 1 …
I will show you how to create a ASP.NET Captcha control without using any HTTP HANDELRS or what so ever. you can easily plug it into your web pages. For Example a = 2 + 3 (where 2 and 3 are 2 random numbers) Session("Answer") = 5 then we…
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now