Password-only access to files in a certain folder 
Author Message
 Password-only access to files in a certain folder

I have a website hosted on a Windows 2000 IIS server, with Classic ASP.

I need to restrict access to certain areas. Ideally, when a visitor clicks
on a link to a file in a certain folder, or types in the URL directly., they
will be challenged for a username & password.

How should I approach this?

Currently, I have a system which works when they click on the link; but it
can be by-passed if you know the actual URL of the file which you want.

Is there a way to hide the URL from the visitor?

Thanks in advance!

David Martin



Sat, 29 Oct 2005 16:11:10 GMT  
 Password-only access to files in a certain folder
Hi David,

If you want to restrict users at individual file level then the best way is
to use NTFS permissions.

For files that are open to anyone set the IUSR_<computername> account to
have read or read/execute permissions as appropriate.  For all others,
assign specific user accounts to these files and deny the
IUSR_<computername> account.  This way, when IIS tries to access the file
they will be denied and you will then be challenged for credentials.

Rich.

--
--

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. ? 2001 Microsoft Corporation. All rights
reserved.


Quote:
> I have a website hosted on a Windows 2000 IIS server, with Classic ASP.

> I need to restrict access to certain areas. Ideally, when a visitor clicks
> on a link to a file in a certain folder, or types in the URL directly.,
they
> will be challenged for a username & password.

> How should I approach this?

> Currently, I have a system which works when they click on the link; but it
> can be by-passed if you know the actual URL of the file which you want.

> Is there a way to hide the URL from the visitor?

> Thanks in advance!

> David Martin



Sat, 29 Oct 2005 16:20:42 GMT  
 Password-only access to files in a certain folder

Quote:
> I have a website hosted on a Windows 2000 IIS server, with Classic ASP.

> I need to restrict access to certain areas. Ideally, when a visitor clicks
> on a link to a file in a certain folder, or types in the URL directly.,
they
> will be challenged for a username & password.

> How should I approach this?

http://www.microsoft.com/windows2000/en/server/iis/

Microsoft Internet Information Server
     Administration
         Server Administration
             Security
                 Authentication
                 Access Control

HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000
http://support.microsoft.com/?id=310344
HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or
Windows NT 4.0
http://support.microsoft.com/?id=325358

--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserver2003/community/centers/iis/



Sat, 29 Oct 2005 20:10:09 GMT  
 Password-only access to files in a certain folder
Maybe using NTFS permission on individual file or folders

To hide an URL you can change your data to be downloaded to a
"databse-style" (stored in a database, rather in a file ystem)
Yopu can try to use top frams of 1 Pixel of widht to "hide" the real page or
use JS/VBS (maybe even server side) to write a custom URL "on-demand"

Quote:
> I need to restrict access to certain areas. Ideally, when a visitor clicks
> on a link to a file in a certain folder, or types in the URL directly.,
they
> will be challenged for a username & password.

> How should I approach this?

> Currently, I have a system which works when they click on the link; but it
> can be by-passed if you know the actual URL of the file which you want.

> Is there a way to hide the URL from the visitor?

> Thanks in advance!

> David Martin



Sun, 30 Oct 2005 04:02:16 GMT  
 Password-only access to files in a certain folder
I do not have access to the server, other than FTP and FrontPage extensions.
The ISP did not offer NTFS permissions as a solution. He did suggest a
password-protected FTP folder, but I also want to display pages.
Is it possible for me to set the permissions?
If not, I'm looking for a solution which I can implement without direct
access to the server.

Thanks to all those who replied.

--
David Martin
{*filter*} Web Developer
http://www.*-*-*.com/
---------------------------------------------------------------
Info Blue Mountains - Mountains of Blue Mountains Info
http://www.*-*-*.com/


Quote:
> I have a website hosted on a Windows 2000 IIS server, with Classic ASP.

> I need to restrict access to certain areas. Ideally, when a visitor clicks
> on a link to a file in a certain folder, or types in the URL directly.,
they
> will be challenged for a username & password.

> How should I approach this?

> Currently, I have a system which works when they click on the link; but it
> can be by-passed if you know the actual URL of the file which you want.

> Is there a way to hide the URL from the visitor?

> Thanks in advance!

> David Martin



Sun, 30 Oct 2005 06:28:58 GMT  
 Password-only access to files in a certain folder
You could script your own security:
http://www.*-*-*.com/

and place the protected files outside the web root so there's no direct
access and then stream the files with an ASP:
(see the use of Response.BinaryWrite and ADODB.Stream)
http://www.*-*-*.com/
http://www.*-*-*.com/

--
Tom Kaminski IIS MVP
http://www.*-*-*.com/ , scripts, and utilities for running IIS
http://www.*-*-*.com/
http://www.*-*-*.com/


Quote:
> I do not have access to the server, other than FTP and FrontPage
extensions.
> The ISP did not offer NTFS permissions as a solution. He did suggest a
> password-protected FTP folder, but I also want to display pages.
> Is it possible for me to set the permissions?
> If not, I'm looking for a solution which I can implement without direct
> access to the server.

> Thanks to all those who replied.

> --
> David Martin
> {*filter*} Web Developer
> http://www.*-*-*.com/
> ---------------------------------------------------------------
> Info Blue Mountains - Mountains of Blue Mountains Info
> http://www.*-*-*.com/



> > I have a website hosted on a Windows 2000 IIS server, with Classic ASP.

> > I need to restrict access to certain areas. Ideally, when a visitor
clicks
> > on a link to a file in a certain folder, or types in the URL directly.,
> they
> > will be challenged for a username & password.

> > How should I approach this?

> > Currently, I have a system which works when they click on the link; but
it
> > can be by-passed if you know the actual URL of the file which you want.

> > Is there a way to hide the URL from the visitor?

> > Thanks in advance!

> > David Martin



Sun, 30 Oct 2005 19:59:10 GMT  
 
 [ 6 post ] 

 Relevant Pages 

1. File access error when Outlook folder is password protected

2. Find files updated after certain date in a folder

3. I want to delete all the folders (and files) below certain path

4. procedure to find certain files from a certain date on harddisk

5. How to access million files from a folder and move them to separate folders

6. help!!!how to access the share folder with password

7. Access to a password protected shared folder from within vb6

8. Accessing password proteceted shared folders on 95/98 ?

9. Password protect, lock, hide and secure files, folders and drives on your computer 4621

10. Password protect, lock, hide and secure files, folders and drives on your computer 816

11. Setting Password protection for certain web pages

12. how do i access a password protected MS-ACCESS db without the password

 

 
Powered by phpBB® Forum Software