Securing Files within my Web Site

CBarry

I have a web site that has a secure area using ASP to
query a MS SQL Server Database; if the user's credentials
are authenticated then a session variable is populated.

Each web page I want secured checks for the presence of
this Session variable being populated. If the Variable
is populated then the user can access the page, if the
variable is not populated then the user is directed to a
login page.
http://support.microsoft.com/default.aspx?scid=kb;[LN];299987

This approach works great for protecting web pages,
however some of the pages contain hyperlinks to
application update files (exe's) and PDF documents that I
would also like secured. Currently if my users knew the
exact URL to a document they could go directly to that
URL and download the files without logging in.

There is also an area of the web site that is used for
displaying weekly reports to our clients. I never know
the names of these report files; therefore, so that I don't
have to modify the hyperlinks each week, the ASP page
reads the files in a specified folder and dynamically
creates Hyperlinks to the files in that folder. I do
this using the Scripting.FileSystemObject object, however
in order to use this object the user IUSR_<MachineName>
must be able to read the folder.
http://www.mna.hkr.se/caspdoc/html/vbscript_filesystemobject_object.htm

I have tried looking at
http://www.websunlimited.com/order/Product/PagePro/pagepro.htm
but this does not seem to work for non-web pages
such as executables and PDF files.

I have looked into using NTFS security, however in order
for the area of the site that uses the
Scripting.FileSystemObject object I must give the
IUSR_<MachineName> user read rights. Plus I would like
to have a login screen that is integrated with my web
site rather than the Windows login.

Basically what I'm looking for is a way to secure web
pages and other documents, by having the users login
using a web page that looks and feels as if it's part of
my web site.

Any help would be greatly appreciated.
 
jaf

Hi,
Have you tried placing all the "protected files" into a folder and then only
allow access to the folder with the password/session variable?
Users will not be able to access the folder without passing the password.
You may need your host to set up the folder.
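
An added example, not part of the original thread: one way to apply the same session check to EXEs and PDFs is to keep them in a folder outside the web root, so no URL maps to them, and stream them through an ASP page. The page name `download.asp`, the `Session("UserID")` variable, `login.asp` and the `PROTECTED_DIR` path are assumptions; IUSR_<MachineName> still needs NTFS read access to that folder, which also lets the FileSystemObject listing page keep working.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' download.asp (hypothetical name): hands out a file only to a logged-in session.
' Assumed: the login page sets Session("UserID") after checking the database.
' Assumed: PROTECTED_DIR is a placeholder path outside the site's web root.
Const PROTECTED_DIR = "D:\SiteData\Protected\"
Const adTypeBinary = 1

Dim requested, re, fso, fullPath, stream

' Same test the protected pages use; handles Empty and Null alike.
If Len(Session("UserID") & "") = 0 Then
    Response.Redirect "login.asp"
End If

' Force the query-string value to a plain string ("" when absent).
requested = Request.QueryString("file") & ""

' Allowlist the name: letters, digits, underscore, dot, dash, space.
' No slashes, colons, quotes or control characters, and no ".." sequence,
' so the value cannot leave PROTECTED_DIR or break the response header.
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9_][A-Za-z0-9_. -]*$"
If Not re.Test(requested) Or InStr(requested, "..") > 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set fso = Server.CreateObject("Scripting.FileSystemObject")
fullPath = PROTECTED_DIR & requested
If Not fso.FileExists(fullPath) Then
    Response.Status = "404 Not Found"
    Response.End
End If

' Read the file as binary and send it as a download.
Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = adTypeBinary
stream.Open
stream.LoadFromFile fullPath

Response.Clear
Response.ContentType = "application/octet-stream"
Response.AddHeader "Content-Disposition", "attachment; filename=""" & requested & """"
Response.BinaryWrite stream.Read
stream.Close
Set stream = Nothing
Response.End
%>
```

Hyperlinks on the protected pages would then point at `download.asp?file=<name>` instead of the file itself.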
 