Password on specific file

[Lars Thomsen Nielsen]

I have made a secure website which you can only get access to
with right username and password. On this webpage I have some
links to some pdf-files, but how can I avoid people from getting
the file if they are not logged on first? As it is now they can
easily get the file if they just know the exact URL-address, ex:
www.website.com/dir/file1.pdf

If people type the URL above I would like them to be redirected
to the logon-page first.

I can't use components or MS-Access database, so I'm looking for
another solution. Hope somebody can help me.

Best regards

Lars

 

[Tom Kaminski [MVP]]

I have made a secure website which you can only get access to
with right username and password. On this webpage I have some
links to some pdf-files, but how can I avoid people from getting
the file if they are not logged on first? As it is now they can
easily get the file if they just know the exact URL-address, ex:
www.website.com/dir/file1.pdf

If people type the URL above I would like them to be redirected
to the logon-page first.

I can't use components or MS-Access database, so I'm looking for
another solution. Hope somebody can help me.

Place the PDF file outside the web root so it does not have a URL and call
an ASP that uses ADODB.Stream and Response.BinaryWrite to serve the file
(after the user has passed your authentication).

http://support.microsoft.com/default.aspx?scid=kb;en-us;276488&Product=asp

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserver2003/community/centers/iis/
http://mvp.support.microsoft.com/
http://www.iisfaq.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://www.tryiis.com

 

[Lars Thomsen Nielsen]

Place the PDF file outside the web root so it does not have a
URL and

call an ASP that uses ADODB.Stream and Response.BinaryWrite to serve
the file (after the user has passed your authentication).

How do I place the file outside the web root? As I see it I can't
goto a "lower" path than the place where the index.htm is. On my
webserver there are however paths called "_vti_bin", "_vti_cnf",
"_vti_pvt" etc. I don't much about these, but is it one of these
you are talking about?

PS. I heard that reading files using BinaryRead should be a very
slow way to get large files. Is that correct?

Lars

 

[Joker]

Lets say you are using the default location for your root web of
"C:\Inetpub\wwwroot" (just for arguments sake). You are being told not
to put it in that folder or any of it's sub folders.

So basically put it in a folder like this one "C:\downloads". Then it
will be out of the web. Those _vti* folders are created by the
FrontPage Server extensions.

 

[Lars Thomsen Nielsen]

So basically put it in a folder like this one "C:\downloads".
Then it

will be out of the web.

OK, I might have to say that I don't own the webserver. I have
bought space on a webhotel, so as I see it I can't create a
folder as you described since I don't have access to the C-drive,
or am I wrong?

Lars

 

[Tom Kaminski [MVP]]

OK, I might have to say that I don't own the webserver. I have
bought space on a webhotel, so as I see it I can't create a
folder as you described since I don't have access to the C-drive,
or am I wrong?

You're probably right. Contact your host to discuss your options.

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserver2003/community/centers/iis/
http://mvp.support.microsoft.com/
http://www.iisfaq.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://www.tryiis.com

 

[Lars Thomsen Nielsen]

You're probably right. Contact your host to discuss your
options.

They are to cheap, so they don't give that kind of support...

Thanks for your suggestions though.

If somebody comes up with an alternative solution I would be glad
to hear about it.

Lars

 

[Joker]

If it's a PDF file you created, you can enter a username & password into
the file itself, so that without the password the file is useless.