Solved

How do I use a MS ACCESS db of reg users for a secured subweb ?

Posted on 2004-03-26
9
175 Views
Last Modified: 2013-12-24
I want to restrict access to a folder in my frontpage website that contains files for customers to download eg. http://www.mydomain.com/download/ebook01.zip 
I have a registration module where buyers have to signup and indicate their preferred Username and Password and the system will email them an acknowledgement which they have to Activate before they can actually login to the 'Registered Customers Page'. This is all working fine. However, on this Registered Customers Page, there are 3 links for them to click to download the files they have paid for. The problem I have is how to prevent the URL of those links from being passed around to non-paying customers. So I figured I needed to secure the folder where the files are. I know how to secure the folder by changing it to a subweb etc. I used a MS ACCESS db to store the registered customers that can login. So, my question is, instead of manually ADDING new users to the frontpgae subweb, is there a way to check against the database that holds the registered customers to grant them access to download the files from the subweb ?

Thanks in advance for any help..:) sorry it is a bit long winded.
0
Comment
Question by:DrBix
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 
LVL 29

Expert Comment

by:coreybryant
ID: 10687480
0
 

Author Comment

by:DrBix
ID: 10693506
I am aware of the Spooky Login. I do not have a problem with securing my web pages. It is the links within those secured pages that I want to protect and from what I have read in the forum, the Spooky Login only protects the pages - which means if I have a link on the secured page with this URL for example:  http://www.mydomain.com/download/ebook.zip  - any user who has logged in can still see the full download path of the file and if that is passed around, anyone can just bypass the login and directly download the file. To solve this problem, it would be great if there is a way to secure the download folder ( which can be done by turning that into a subweb with required permissions ) and only allow those registered customers with login/pw to be able to download the file. If someone knows the path of the download folder etc, at least they now have to have a login/pw - they won't be able to bypass.

I have at the moment managed to hide the actual download path but I want to actually fully secure the folder i.e. so that even if they know the full path, they would not be able to download the file if they have bypassed the login.

 I hope I am expressing the problem clearly.


Many thanks for feedback.
0
 
LVL 29

Expert Comment

by:coreybryant
ID: 10694375
Right-click the folder and choose "convert  to web". This makes the folder a sub-web of the main website. Once you publish the web to your network you have to open each of the pages in each folder. Go to tools on the menu bar, choose security. Select "this web has unique permissions", then click apply. Then choose Add Users, and create a username and password for each page.

-Corey
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:DrBix
ID: 10694515
Sorry, perhaps I was not clear about what I need, but you are on the right track. I know how to do the subweb thing. What I do NOT want to do is to manually ADD USERS. What I want is to allow those registered users, whose details are stored in an MS ACCCESS db, to access this secured subweb AUTOMATICALLY without needing my intervention. They have gone through a registration process and are my customers - I just want them to be automatically given access rights without me having to manually add them. Is there any function or any way that can link the ADD USERS to reference an existing db where you can specify the login/pw fields to check if a user is an authorised registered user ? This would solve the problem..:)
0
 
LVL 29

Expert Comment

by:coreybryant
ID: 10694640
Well it is not a FP issue - more geared towards programming.  We actually did something a few days ago for programming something like you are speaking about.  He wanted PDFs to be secured.  I was told they would have to be in a folder that is not accessible via the internet.  And then use something like ASPUploadComponent to access the files.   This will allow the registered members to communicate with the server & files that are not necessarily accessible via the internet (HTTP).  

-Corey
0
 

Author Comment

by:DrBix
ID: 10694680
All my files are on the server that has to be accessible via the Internet so that the whole things can just run on it's own without any manual intervention. So is it the conclusion that the solution I am looking for is not something that can be done easily or without any programming ?  
0
 
LVL 29

Accepted Solution

by:
coreybryant earned 30 total points
ID: 10694695
Correct.  You are wanting to secure non-HTML / non-ASP files.  You need to enter user names manually.  FP will not communicate with an MS Access DB the way that you desire.  You might be looking at about 25 hours of programming.  

-Corey
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this short web based tutorial, I wanted to show users how they can still use the powers of FrontPage in conjunction with Expression Web 3.  Even though Microsoft eliminated the use of Web components, we can still use them with FrontPage and edit …
When setting up new project requests for our site, one of the most powerful tools our team has available to use is Axure (http://www.axure.com/). It’s a tool for creating software and web prototypes that can function and interact as if it were the a…
The purpose of this video is to demonstrate how to reset a WordPress password if you are locked out and cannot reset the password. A typical use would be if you cannot access the email to which WordPress would send the password recovery email to…
The purpose of this video is to demonstrate how to prevent comment spam on a WordPress Website. This will be demonstrated using a Windows 8 PC. Plugin Akismet will be used. Go to your WordPress login page. This will look like the following: myw…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question