controlled access in fso

Discussion in 'ASP General' started by WC Justice, Dec 23, 2004.

  1. WC Justice

    WC Justice Guest

    I have a SQL Server-driven website with public and secure areas. Anonymous
    connection is via IUSR and authentication for the secure area is done via
    asp. Several pages first authenticate with asp and then use the fso to
    provide access to certain files for downloading or viewing via hyperlink.
    Up to this point, I am satisfied that I am able to control access to certain
    files and folder.

    The problem arises that, if an internet user guesses the path and filename,
    he can download a file through the browser. The actual files are outside of
    the website tree, and are accessed via virtual directories. I have tried to
    fix this by limiting access to the base folder to internal users only and
    creating a user "IFSO" that has external access.

    Where I am at this point is that I get a "File Not Found" error when the
    fso.getfolder method tries to execute. Can I pass userid and password
    arguments in the getfolder method? If not, do you have any ideas as to how
    to give the website access to these folders without giving the public
    unrestricted access to them?

    Thank you
     
    WC Justice, Dec 23, 2004
    #1
    1. Advertising

  2. WC Justice

    Mark Schupp Guest

    Either put the files completely outside the web-site so that they are not
    accessible via HTTP at all or put them in a web-site directory that does not
    allow read access in IIS.

    For an example of the second approach try these URLS:

    http://www.ielearning.com/wbtroot/html/logo.gif
    http://www.ielearning.com/wbtroot/asp/logo.gif

    --
    --Mark Schupp
    Head of Development
    Integrity eLearning
    www.ielearning.com

    "WC Justice" <> wrote in message
    news:HVEyd.14148$...
    >I have a SQL Server-driven website with public and secure areas. Anonymous
    >connection is via IUSR and authentication for the secure area is done via
    >asp. Several pages first authenticate with asp and then use the fso to
    >provide access to certain files for downloading or viewing via hyperlink.
    >Up to this point, I am satisfied that I am able to control access to
    >certain files and folder.
    >
    > The problem arises that, if an internet user guesses the path and
    > filename, he can download a file through the browser. The actual files
    > are outside of the website tree, and are accessed via virtual directories.
    > I have tried to fix this by limiting access to the base folder to internal
    > users only and creating a user "IFSO" that has external access.
    >
    > Where I am at this point is that I get a "File Not Found" error when the
    > fso.getfolder method tries to execute. Can I pass userid and password
    > arguments in the getfolder method? If not, do you have any ideas as to
    > how to give the website access to these folders without giving the public
    > unrestricted access to them?
    >
    > Thank you
    >
     
    Mark Schupp, Dec 23, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. kevin bailey
    Replies:
    1
    Views:
    490
    bruce barker
    Nov 24, 2004
  2. Michael N. Christoff

    Mars Rover Controlled By Java

    Michael N. Christoff, Jan 16, 2004, in forum: Java
    Replies:
    146
    Views:
    6,257
    Greg Gauthier
    Jan 5, 2005
  3. Antoine Diot
    Replies:
    4
    Views:
    5,070
    pravda
    Jun 5, 2004
  4. Guest

    IIS6 & FSO remote server access

    Guest, Apr 8, 2005, in forum: ASP General
    Replies:
    0
    Views:
    179
    Guest
    Apr 8, 2005
  5. Tim Tyteca

    How to let FSO access netware folder ?

    Tim Tyteca, Aug 22, 2006, in forum: Javascript
    Replies:
    2
    Views:
    113
    Tim Tyteca
    Aug 22, 2006
Loading...

Share This Page