Re: Securing file access

[Ben Timby <asp () webexc com>]

John, you would need to write an asp script that would use the 
Scripting.FileSystemObject to open the file. You can then set the 
Response.ContentType & Response.AddHeader("Content-Disposition") to 
appropriate values. After that, you can then do a Response.BinaryWrite 
of the file contents from the stream provided by the FSO. This will send 
the data to the browser via your script allowing you to control access.

Search for any of the terms above in google, and you will find many 
examples.

Good luck.

John M. L. wrote:
> I have a project that involves a members only area on web page on IIS.
> The members' only area is secured by a database (MS Access) so users are
> authenticated by their name and some MD5 hash etc.  I need to allow files
> (mostly PDFs) for download to authenticated users only.  In my opinion this
> means that the files can not be stored in any www accessible folder
> (regardless of any renaming convention etc, I absolutely cannot have someone
> guess a file name to download).  In order to access the files, the database
> would link a file to a unique id, so a page that validates the user would
> then give access to the file stored outside of the www on the server.  Now,
> this is where the real question lies.  How is this possible since the files
> are not in a www accessible path, since a mere link to a file won't due.
> Any thoughts would be welcome.  If I'm going about this completely wrong
> that would be nice to no too :)  Forgive me if the answer is simple, I'm a
> Linux fan and haven't used IIS etc for years.
> One more note: IIS, MS Access and VBScript are not my technologies of
> choice, but merely what I was given to work with.  I also have very limited
> control over administering IIS.
>
> John
> www.recaffeinated.com