[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Require User Id and Password for a Web Directory and All of It's Resources Contained

Posted on 2003-12-08
3
Medium Priority
?
164 Views
Last Modified: 2010-04-06
Greetings;

My client wishes to restrict any resource within a specific web directory. This directory contains .aspx, .txt and .pdf files. By using forms authentication and requesting the user id and password from the viewer I can easily compare this to a data store and using FormsAuthentication.RedirectFromLoginPage present the requested page to the viewer having approved their credentials.

However, this method is not working when the viewer brings up their browser and types in (or uses a bookmark) for the .pdf file in the same directory. No login page is presented. The PDF file is presented immediately to them. The same with .txt and even .htm files. The only resource protected, it seems, using forms authentication in this way are .aspx file (and perhaps other .NET suffixed files).

Is there a way to have the login page presented and credentials validated when any resource in the specific directory is accessed?


Much thanks.


Dave Stolzenbach
0
Comment
Question by:David Bach
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 1

Accepted Solution

by:
avin_ashinc earned 2000 total points
ID: 9992327
My Friend,

This reminds of a hard time i had a few months back :-)
You can go in for CGI tools like "livelink" which can provide security (even different levels). Livelink provides security to all types of documents.

But if u are a poor guy like me :-) try using this way around.

The idea here is not giving out the path of the PDFs. Put the documents into a folder with a wierd name (say xyz_123).

On the link of the PDF file, post the name of the PDF file to an ASP page with the code as runs below. The binary write prevents the user to know the exact path of the file. Hope this helps.

Mail me if u need the content type for other docs.

<%
strFile="xyz_123\" & trim(Request.Form("filename"))
Response.contenttype="application/pdf iirc"
Response.AddHeader "content-Disposition",  "inline;filename=PDF"
Response.BinaryWrite getBinaryFile(server.mappath(strFile))

 function getBinaryFile(fileSpec)
    Dim adTypeBinary
    adTypeBinary = 1
    Dim oStream
    set oStream = server.createobject("ADODB.Stream")
    oStream.Open
    oStream.Type = adTypeBinary
    oStream.LoadFromFile fileSpec
    getBinaryFile= oStream.read
    set oStream=nothing
end function
%>
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface This is the third article about the EE Collaborative Login Project. A Better Website Login System (http://www.experts-exchange.com/A_2902.html) introduces the Login System and shows how to implement a login page. The EE Collaborative Logi…
It's sometimes a bit tricky to use date functions in Oracle BPEL. I'll explain quickly how you can add N days to the current date. In a BPEL process this can be useful, and you can adapt it to fit your needs. First of all, let's see how to add 1 …
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question