Solved

How do I use a MS ACCESS db of reg users for a secured subweb ?

Posted on 2004-03-26
Last Modified: 2013-12-24
I want to restrict access to a folder in my frontpage website that contains files for customers to download eg. http://www.mydomain.com/download/ebook01.zip
I have a registration module where buyers have to signup and indicate their preferred Username and Password and the system will email them an acknowledgement which they have to Activate before they can actually login to the 'Registered Customers Page'. This is all working fine. However, on this Registered Customers Page, there are 3 links for them to click to download the files they have paid for. The problem I have is how to prevent the URL of those links from being passed around to non-paying customers. So I figured I needed to secure the folder where the files are. I know how to secure the folder by changing it to a subweb etc. I used a MS ACCESS db to store the registered customers that can login. So, my question is, instead of manually ADDING new users to the FrontPage subweb, is there a way to check against the database that holds the registered customers to grant them access to download the files from the subweb ?

Thanks in advance for any help..:) Sorry it is a bit long-winded.
Question by:DrBix
9 Comments
 
LVL 29

Expert Comment

by:coreybryant
ID: 10687480
0
 

Author Comment

by:DrBix
ID: 10693506
I am aware of the Spooky Login. I do not have a problem with securing my web pages. It is the links within those secured pages that I want to protect and from what I have read in the forum, the Spooky Login only protects the pages - which means if I have a link on the secured page with this URL for example:  http://www.mydomain.com/download/ebook.zip  - any user who has logged in can still see the full download path of the file and if that is passed around, anyone can just bypass the login and directly download the file. To solve this problem, it would be great if there is a way to secure the download folder ( which can be done by turning that into a subweb with required permissions ) and only allow those registered customers with login/pw to be able to download the file. If someone knows the path of the download folder etc, at least they now have to have a login/pw - they won't be able to bypass.

I have at the moment managed to hide the actual download path but I want to actually fully secure the folder i.e. so that even if they know the full path, they would not be able to download the file if they have bypassed the login.

 I hope I am expressing the problem clearly.


Many thanks for feedback.
0
 
LVL 29

Expert Comment

by:coreybryant
ID: 10694375
Right-click the folder and choose "convert  to web". This makes the folder a sub-web of the main website. Once you publish the web to your network you have to open each of the pages in each folder. Go to tools on the menu bar, choose security. Select "this web has unique permissions", then click apply. Then choose Add Users, and create a username and password for each page.

-Corey
0

 

Author Comment

by:DrBix
ID: 10694515
Sorry, perhaps I was not clear about what I need, but you are on the right track. I know how to do the subweb thing. What I do NOT want to do is to manually ADD USERS. What I want is to allow those registered users, whose details are stored in an MS ACCESS db, to access this secured subweb AUTOMATICALLY without needing my intervention. They have gone through a registration process and are my customers - I just want them to be automatically given access rights without me having to manually add them. Is there any function or any way that can link the ADD USERS to reference an existing db where you can specify the login/pw fields to check if a user is an authorised registered user ? This would solve the problem..:)
0
 
LVL 29

Expert Comment

by:coreybryant
ID: 10694640
Well it is not a FP issue - more geared towards programming.  We actually did something a few days ago for programming something like you are speaking about.  He wanted PDFs to be secured.  I was told they would have to be in a folder that is not accessible via the internet.  And then use something like ASPUploadComponent to access the files.   This will allow the registered members to communicate with the server & files that are not necessarily accessible via the internet (HTTP).  

-Corey
0
 

Author Comment

by:DrBix
ID: 10694680
All my files are on the server that has to be accessible via the Internet so that the whole thing can just run on its own without any manual intervention. So is it the conclusion that the solution I am looking for is not something that can be done easily or without any programming ?
0
 
LVL 29

Accepted Solution

by:
coreybryant earned 30 total points
ID: 10694695
Correct.  You are wanting to secure non-HTML / non-ASP files.  You need to enter user names manually.  FP will not communicate with an MS Access DB the way that you desire.  You might be looking at about 25 hours of programming.  

-Corey
0
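Added example, not part of the original thread or any poster's code: a sketch of the approach discussed above, where the files sit in a folder that is not reachable over HTTP and a server-side script releases them only after checking the registered-customers database. It assumes `sqlite3` as a stand-in for the MS Access database; the `customers` table, its columns, the `private_store` folder and the sample users are hypothetical.

```python
import hashlib, hmac, os, sqlite3, tempfile
from pathlib import Path

def hash_pw(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the customer table never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def is_registered(db, username: str, password: str) -> bool:
    # Parameterised lookup in the registration table; unactivated accounts fail.
    row = db.execute("SELECT salt, pw_hash, activated FROM customers "
                     "WHERE username = ?", (username,)).fetchone()
    if row is None:
        return False
    salt, pw_hash, activated = row
    return bool(activated) and hmac.compare_digest(hash_pw(password, salt), pw_hash)

def fetch_download(db, store: Path, username, password, filename):
    """Return (HTTP-style status, body) for one download request."""
    if not is_registered(db, username, password):
        return 401, b""
    root = store.resolve()
    target = (root / filename).resolve()
    # Refuse anything that resolves outside the private store (e.g. "../").
    if root not in target.parents or not target.is_file():
        return 404, b""
    return 200, target.read_bytes()

def demo():
    # Constructed sample data: two customers, one of them not yet activated.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (username TEXT PRIMARY KEY, "
               "salt BLOB, pw_hash BLOB, activated INTEGER)")
    for name, pw, active in [("alice", "s3cret", 1), ("bob", "hunter2", 0)]:
        salt = os.urandom(16)
        db.execute("INSERT INTO customers VALUES (?, ?, ?, ?)",
                   (name, salt, hash_pw(pw, salt), active))
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp) / "private_store"   # stands in for a non-web folder
        store.mkdir()
        (store / "ebook01.zip").write_bytes(b"PK-demo")
        (Path(tmp) / "secret.txt").write_bytes(b"outside the store")
        ask = lambda u, p, f: fetch_download(db, store, u, p, f)
        return {"paid": ask("alice", "s3cret", "ebook01.zip"),
                "wrong_pw": ask("alice", "guess", "ebook01.zip"),
                "not_activated": ask("bob", "hunter2", "ebook01.zip"),
                "traversal": ask("alice", "s3cret", "../secret.txt")}

if __name__ == "__main__":
    print(demo())
```

Because the file is only ever read by the script, a copied link is useless without a valid, activated account, and new registrations gain access as soon as their row exists in the table.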
