Home > Archive > ASP > December 2004 > controlled access in fso
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
controlled access in fso
|
|
| WC Justice 2004-12-23, 3:55 pm |
| I have a SQL Server-driven website with public and secure areas. Anonymous
connection is via IUSR and authentication for the secure area is done via
asp. Several pages first authenticate with asp and then use the fso to
provide access to certain files for downloading or viewing via hyperlink.
Up to this point, I am satisfied that I am able to control access to certain
files and folder.
The problem arises that, if an internet user guesses the path and filename,
he can download a file through the browser. The actual files are outside of
the website tree, and are accessed via virtual directories. I have tried to
fix this by limiting access to the base folder to internal users only and
creating a user "IFSO" that has external access.
Where I am at this point is that I get a "File Not Found" error when the
fso.getfolder method tries to execute. Can I pass userid and password
arguments in the getfolder method? If not, do you have any ideas as to how
to give the website access to these folders without giving the public
unrestricted access to them?
Thank you
| |
| Mark Schupp 2004-12-23, 8:55 pm |
| Either put the files completely outside the web-site so that they are not
accessible via HTTP at all or put them in a web-site directory that does not
allow read access in IIS.
For an example of the second approach try these URLS:
http://www.ielearning.com/wbtroot/html/logo.gif
http://www.ielearning.com/wbtroot/asp/logo.gif
--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"WC Justice" <BJustice@wcje.com> wrote in message
news:HVEyd.14148$wZ1.579@bignews3.bellsouth.net...
>I have a SQL Server-driven website with public and secure areas. Anonymous
>connection is via IUSR and authentication for the secure area is done via
>asp. Several pages first authenticate with asp and then use the fso to
>provide access to certain files for downloading or viewing via hyperlink.
>Up to this point, I am satisfied that I am able to control access to
>certain files and folder.
>
> The problem arises that, if an internet user guesses the path and
> filename, he can download a file through the browser. The actual files
> are outside of the website tree, and are accessed via virtual directories.
> I have tried to fix this by limiting access to the base folder to internal
> users only and creating a user "IFSO" that has external access.
>
> Where I am at this point is that I get a "File Not Found" error when the
> fso.getfolder method tries to execute. Can I pass userid and password
> arguments in the getfolder method? If not, do you have any ideas as to
> how to give the website access to these folders without giving the public
> unrestricted access to them?
>
> Thank you
>
|
|
|
|
|