Solved

Require User Id and Password for a Web Directory and All of It's Resources Contained

Posted on 2003-12-08
3
159 Views
Last Modified: 2010-04-06
Greetings;

My client wishes to restrict any resource within a specific web directory. This directory contains .aspx, .txt and .pdf files. By using forms authentication and requesting the user id and password from the viewer I can easily compare this to a data store and using FormsAuthentication.RedirectFromLoginPage present the requested page to the viewer having approved their credentials.

However, this method is not working when the viewer brings up their browser and types in (or uses a bookmark) for the .pdf file in the same directory. No login page is presented. The PDF file is presented immediately to them. The same with .txt and even .htm files. The only resource protected, it seems, using forms authentication in this way are .aspx file (and perhaps other .NET suffixed files).

Is there a way to have the login page presented and credentials validated when any resource in the specific directory is accessed?


Much thanks.


Dave Stolzenbach
0
Comment
Question by:David Bach
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 1

Accepted Solution

by:
avin_ashinc earned 500 total points
ID: 9992327
My Friend,

This reminds of a hard time i had a few months back :-)
You can go in for CGI tools like "livelink" which can provide security (even different levels). Livelink provides security to all types of documents.

But if u are a poor guy like me :-) try using this way around.

The idea here is not giving out the path of the PDFs. Put the documents into a folder with a wierd name (say xyz_123).

On the link of the PDF file, post the name of the PDF file to an ASP page with the code as runs below. The binary write prevents the user to know the exact path of the file. Hope this helps.

Mail me if u need the content type for other docs.

<%
strFile="xyz_123\" & trim(Request.Form("filename"))
Response.contenttype="application/pdf iirc"
Response.AddHeader "content-Disposition",  "inline;filename=PDF"
Response.BinaryWrite getBinaryFile(server.mappath(strFile))

 function getBinaryFile(fileSpec)
    Dim adTypeBinary
    adTypeBinary = 1
    Dim oStream
    set oStream = server.createobject("ADODB.Stream")
    oStream.Open
    oStream.Type = adTypeBinary
    oStream.LoadFromFile fileSpec
    getBinaryFile= oStream.read
    set oStream=nothing
end function
%>
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Preface This article introduces an authentication and authorization system for a website.  It is understood by the author and the project contributors that there is no such thing as a "one size fits all" system.  That being said, there is a certa…
Preface In the first article: A Better Website Login System (http://www.experts-exchange.com/A_2902.html) I introduced the EE Collaborative Login System and its intended purpose. In this article I will discuss some of the design consideratio…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question