Solved

How do I use a MS ACCESS db of reg users for a secured subweb ?

Posted on 2004-03-26
9
173 Views
Last Modified: 2013-12-24
I want to restrict access to a folder in my frontpage website that contains files for customers to download eg. http://www.mydomain.com/download/ebook01.zip 
I have a registration module where buyers have to signup and indicate their preferred Username and Password and the system will email them an acknowledgement which they have to Activate before they can actually login to the 'Registered Customers Page'. This is all working fine. However, on this Registered Customers Page, there are 3 links for them to click to download the files they have paid for. The problem I have is how to prevent the URL of those links from being passed around to non-paying customers. So I figured I needed to secure the folder where the files are. I know how to secure the folder by changing it to a subweb etc. I used a MS ACCESS db to store the registered customers that can login. So, my question is, instead of manually ADDING new users to the frontpgae subweb, is there a way to check against the database that holds the registered customers to grant them access to download the files from the subweb ?

Thanks in advance for any help..:) sorry it is a bit long winded.
0
Comment
Question by:DrBix
  • 4
  • 3
9 Comments
 
LVL 29

Expert Comment

by:coreybryant
ID: 10687480
0
 

Author Comment

by:DrBix
ID: 10693506
I am aware of the Spooky Login. I do not have a problem with securing my web pages. It is the links within those secured pages that I want to protect and from what I have read in the forum, the Spooky Login only protects the pages - which means if I have a link on the secured page with this URL for example:  http://www.mydomain.com/download/ebook.zip  - any user who has logged in can still see the full download path of the file and if that is passed around, anyone can just bypass the login and directly download the file. To solve this problem, it would be great if there is a way to secure the download folder ( which can be done by turning that into a subweb with required permissions ) and only allow those registered customers with login/pw to be able to download the file. If someone knows the path of the download folder etc, at least they now have to have a login/pw - they won't be able to bypass.

I have at the moment managed to hide the actual download path but I want to actually fully secure the folder i.e. so that even if they know the full path, they would not be able to download the file if they have bypassed the login.

 I hope I am expressing the problem clearly.


Many thanks for feedback.
0
 
LVL 29

Expert Comment

by:coreybryant
ID: 10694375
Right-click the folder and choose "convert  to web". This makes the folder a sub-web of the main website. Once you publish the web to your network you have to open each of the pages in each folder. Go to tools on the menu bar, choose security. Select "this web has unique permissions", then click apply. Then choose Add Users, and create a username and password for each page.

-Corey
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:DrBix
ID: 10694515
Sorry, perhaps I was not clear about what I need, but you are on the right track. I know how to do the subweb thing. What I do NOT want to do is to manually ADD USERS. What I want is to allow those registered users, whose details are stored in an MS ACCCESS db, to access this secured subweb AUTOMATICALLY without needing my intervention. They have gone through a registration process and are my customers - I just want them to be automatically given access rights without me having to manually add them. Is there any function or any way that can link the ADD USERS to reference an existing db where you can specify the login/pw fields to check if a user is an authorised registered user ? This would solve the problem..:)
0
 
LVL 29

Expert Comment

by:coreybryant
ID: 10694640
Well it is not a FP issue - more geared towards programming.  We actually did something a few days ago for programming something like you are speaking about.  He wanted PDFs to be secured.  I was told they would have to be in a folder that is not accessible via the internet.  And then use something like ASPUploadComponent to access the files.   This will allow the registered members to communicate with the server & files that are not necessarily accessible via the internet (HTTP).  

-Corey
0
 

Author Comment

by:DrBix
ID: 10694680
All my files are on the server that has to be accessible via the Internet so that the whole things can just run on it's own without any manual intervention. So is it the conclusion that the solution I am looking for is not something that can be done easily or without any programming ?  
0
 
LVL 29

Accepted Solution

by:
coreybryant earned 30 total points
ID: 10694695
Correct.  You are wanting to secure non-HTML / non-ASP files.  You need to enter user names manually.  FP will not communicate with an MS Access DB the way that you desire.  You might be looking at about 25 hours of programming.  

-Corey
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How do I kill a session when closing a tab without logging off? 18 92
Serif Plus workable? 4 48
How do I use iTextSharp to turn my current page into a .pdf? 14 702
Problem to Popup 37 127
When deciding to adopt any help desk solutions many factors should be explored before taking decisions. This will change from business to another but in general there are some kind of rule of thumb. Here are some quick tips: Do we need only ticket…
Introduction In this tutorial, I'll explain how to create an animated progress meter in a wireframe prototype developed using Axure RP 7.0 - a leading prototyping tool for designing web sites and software. (For more information about Axure and gett…
The purpose of this video is to demonstrate how to Import and export files in WordPress. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Click on Too…
The purpose of this video is to demonstrate how to set up the permalinks on a WordPress Website. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Go t…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question