A
Armando
Hi,
Here's my scenario: I have a website which is designed to only allow
authenticated users to browse. The authentication is done through a simple
asp script to check a database for a valid username and password. If it's
good it sets a session variable to allow the user to browse. In this website
there is a subfolder containing files which I do not want to be publicly
accessible by using direct URL entry (ie;
http://www.mydomain.com/mywebsite/myprivatefiles/myfile.doc). To do this I
was considering 2 methods: 1) Set NTFS permissions to only allow
authenticated users to see them and 2) using the filesystemobject to
retrieve the files from a non-web accessible directory elsewhere on the
server.
The problems I'm having with the first option is that because my webpage
authenticates to a database (not SQL) and sets a session variable,
technically the authenticated user is still a 'Web Anonymous User' according
to Windows.
With the second method, I am having trouble figuring out how to display an
image file (ie; .jpg) on the webpage from an <img src> tag using the
filesystemobject method of retrieving the file (physical path to the file).
So I'm hoping someone can answer these questions: a) Is there a way using
asp that I can specify a valid NT username so that the user authenticates
properly and has access to the files, or, b) does anyone know how to use the
filesystemobject to retrieve an image file and display it on the page?
Just to let you know, one thing I tried was using virtual paths to access
the folder 1 level up on the physical directory structure but because I have
disabled parent paths (due to security concerns), this is not possible.
Thanks to anyone who can help!
Armando
Here's my scenario: I have a website which is designed to only allow
authenticated users to browse. The authentication is done through a simple
asp script to check a database for a valid username and password. If it's
good it sets a session variable to allow the user to browse. In this website
there is a subfolder containing files which I do not want to be publicly
accessible by using direct URL entry (ie;
http://www.mydomain.com/mywebsite/myprivatefiles/myfile.doc). To do this I
was considering 2 methods: 1) Set NTFS permissions to only allow
authenticated users to see them and 2) using the filesystemobject to
retrieve the files from a non-web accessible directory elsewhere on the
server.
The problems I'm having with the first option is that because my webpage
authenticates to a database (not SQL) and sets a session variable,
technically the authenticated user is still a 'Web Anonymous User' according
to Windows.
With the second method, I am having trouble figuring out how to display an
image file (ie; .jpg) on the webpage from an <img src> tag using the
filesystemobject method of retrieving the file (physical path to the file).
So I'm hoping someone can answer these questions: a) Is there a way using
asp that I can specify a valid NT username so that the user authenticates
properly and has access to the files, or, b) does anyone know how to use the
filesystemobject to retrieve an image file and display it on the page?
Just to let you know, one thing I tried was using virtual paths to access
the folder 1 level up on the physical directory structure but because I have
disabled parent paths (due to security concerns), this is not possible.
Thanks to anyone who can help!
Armando