Solved

Restrict access to Word docs w/in a site

Posted on 2004-04-07
7
145 Views
Last Modified: 2013-12-04
My company has security set up on our internal sites that do not allow people to enter hard-coded asp files and directly access them.  It forces them to go through the log-in screen and follow the proper links to get to what they need.  It has been working great for 2 years now.

The problem is, we have links to word and excel docs on our site.  The security we have set up on asp does not work on these files (because the asp files have an include that provides that security).  Is there some way to put this kind of control at the site level?  I looked into global.asa files but those only work on asp files.

Any ideas?

0
Comment
Question by:ags00
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
7 Comments
 
LVL 16

Expert Comment

by:JamesDS
ID: 10781142
ags00

You need to set the NTFS permissions on the folders where the files actually exist - or on the files themselves (although this will get complicated)

You can use the same method for securing the ASP as well and save yourself all that extra security coding and session variable checking.

Cheers

JamesDS
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10781524
Understanding NTFS permissions:
http://www.windowsitlibrary.com/Content/592/1.html

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:ags00
ID: 10783086
Either this is not what I need or I am not understanding how to use it.  If I restrict the NTFS permissions how would that work?  If someone accesses the pages through the proper channels, great.  If they hard code the location in their browser, they should not be able to see the page, whether they get a "page can't be displayed" or it redirects them to the last page they were on.  To me it seems like the only thing I can do with NTFS is completely restrict or grant access, regardless of how they got to the page.
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 
LVL 16

Expert Comment

by:JamesDS
ID: 10783123
aha, sorry

No you can't apply the session security settings to files in that manner.

Cheers

JamesDS
0
 

Author Comment

by:ags00
ID: 10783156
I figured - that would be too easy :-)

I think the only solution to this is SSL... do you know if that is on your site, if you can directly access documents or not?
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 200 total points
ID: 10790113
Step-by-Step Guide to Public Key-Based Client Authentication in Internet Explorer - Nice little overview from Microsoft going through the configuration of IE when you want certificate based authentication using TLS/SSL. Only the client side is described here. 2 pages.
http://www.microsoft.com/windows2000/techinfo/planning/security/pubkeyie.asp 
0

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question