Using NTFS security to protect files served via asp/iis

travelling_nerd

Folks:

I have some zip files I'd like to serve to authenticated users on my
site, but would like to prevent unauthorized users from using an
absolute path to get to these zip files. For example
http://blah.com/file.zip should not be accessible directly without
authenticating. However, my current authenticaion goes to an LDAP
server and I'd rather not prompt users for another username and
password.

The only way I can figure this is to create a local user account on
the server, then set it to have NTFS read permissions for file. The
tricky part is using asp to pass windows authentication information in
the background to the server. Once it's authenticated, the download
begins. If a user somehow figures the absolute path to ther file, he
should be prevented from downloading it.

Is this possible?

Help.

Roberto

Jul 19 '05 #1

Subscribe Reply

1804

Tom Kaminski [MVP]

"travelling_ner d" <tr************ *@yahoo.com> wrote in message
news:96******** *************** **@posting.goog le.com...

Folks:

I have some zip files I'd like to serve to authenticated users on my
site, but would like to prevent unauthorized users from using an
absolute path to get to these zip files. For example
http://blah.com/file.zip should not be accessible directly without
authenticating. However, my current authenticaion goes to an LDAP
server and I'd rather not prompt users for another username and
password.

The only way I can figure this is to create a local user account on
the server, then set it to have NTFS read permissions for file. The
tricky part is using asp to pass windows authentication information in
the background to the server. Once it's authenticated, the download
begins. If a user somehow figures the absolute path to ther file, he
should be prevented from downloading it.

Is this possible?

The whole NTFS part is simple. I'm not sure I understand why you want ASP
to be involved.

IIS 5 Documentation
http://www.microsoft.com/windows2000/en/server/iis/
Microsoft Internet Information Server
Administration
Server Administration
Security
Authentication
Access Control

IIS 6 Documentation
http://www.microsoft.com/technet/pro...entication.asp
HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000
http://support.microsoft.com/?id=310344
HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or
Windows NT 4.0
http://support.microsoft.com/?id=325358
HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
http://support.microsoft.com/default...b;en-us;324274

Make sure you disable simple file sharing in XP
http://support.microsoft.com/default...b;en-us;304040
--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserv...y/centers/iis/

Jul 19 '05 #2

travelling_nerd

"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message news:<c4******* ***@kcweb01.net news.att.com>.. .

"travelling_ner d" <tr************ *@yahoo.com> wrote in message
news:96******** *************** **@posting.goog le.com...
Folks:

I have some zip files I'd like to serve to authenticated users on my
site, but would like to prevent unauthorized users from using an
absolute path to get to these zip files. For example
http://blah.com/file.zip should not be accessible directly without
authenticating. However, my current authenticaion goes to an LDAP
server and I'd rather not prompt users for another username and
password.

The only way I can figure this is to create a local user account on
the server, then set it to have NTFS read permissions for file. The
tricky part is using asp to pass windows authentication information in
the background to the server. Once it's authenticated, the download
begins. If a user somehow figures the absolute path to ther file, he
should be prevented from downloading it.

Is this possible?

The whole NTFS part is simple. I'm not sure I understand why you want ASP
to be involved.

Sorry for the lack of clarity. What I want to do is authenticate, via
asp, access to a file that has specific ntfs permissions. For example.
A local user on the server is called "bob". I want only "bob" to
download the file, but I don't want the web browser to prompt him for
his username and pw. I want to hard code it in asp. Only bob will know
the url to the file.

Jul 19 '05 #3

Similar topics

453

NTFS rights not honored

by: Pål Andreassen | last post by:

Running Windows 2003 Server Framework 1.1 A site is configured to use integrated security (in IIS 6) Windows autentication and user impersonation in web.config <identity impersonate="true" /> <authentication mode="Windows" /> I've got a ASPX page that lists folders and files from a predefined location on the server. These folders and files have access rights set to

.NET Framework

2689

What is the easiest way to query a remote XML file on someone elses Linux box using secure communication?

by: Dan V. | last post by:

Situation: I have to connect with my Windows 2000 server using VS.NET 2003 and C# and connect to a remote Linux server at another company's office and query their XML file. Their file may be updated every hour or so. How can I do this easily? I would like to use secure communication even encryption if possible. I would query and insert locally only the newest records found in that XML file to an xml or MS access db.

.NET Framework

12682

Executing a DTS Package using an ASP (VBScript)

by: chris.dunigan | last post by:

I'm looking for an example of how to execute an existing DTS package from an ASP (VB)script and would appreciate any and all response. I don't even know if it's possible Thanks - Chuck Gatto Dan Guzman Apr 27 2000, 12:00 am show options

Microsoft SQL Server

294

Access 2003 security

by: sdupuis | last post by:

I have inherited some databases which were originally created with Access 2.0 and have gone the conversion route of '95, '97, 2000. I now need to convert them to work in Access 2003 and with XP. However, I was left with next to no documentation or security account information and have been unable to join any of the work- or usergroups to be able to complete conversion work. There is a guest account which will run the application but of...

Microsoft Access / VBA

2337

Removing NTFS Folder Permissions On Win2000 In .NET Without using WMI

by: Ram | last post by:

Hey, I'v managed to find a way of adding NTFS permissions to a certain folder, But the problem is, the folder has a couple of inherited permissions which I want to delete. How can I remove the folder's NTFS permissions WITHOUT using WMI or special XP features? Thanks ahead! --Ram

C# / C Sharp

12155

Get access denied error when using DirectoryInfo.delete

by: Charts | last post by:

I login as administrator of the machine. However running the following code get access denied exception for file inside the directory. The source code: DirectoryInfo target = new DirectoryInfo(TargetDirectory); target.Delete(true); I donâ€™t have problem manually delete the whole directory. Please advice. Thanks,

C# / C Sharp

5047

API Help please - How do I find the owner of a file or folder using

by: John Regan | last post by:

Hello All I am trying to find the owner of a file or folder on our network (Windows 2000 Server) using VB.Net and/or API. so I can search for Folders that don't follow our company's specified folder structure and naming conventions and then send a Net send message to those users telling them to rectify. The information I want to get is when you select the file/folder and then: Properties -> Security Tab -> Advanced Button -> Owner Tab ->...

Visual Basic .NET

4273

Removing NTFS Folder Permissions Using .NET

by: Ram | last post by:

Visual Basic .NET

1410

C#-WEB: access denied using GetFiles() on AD network share

by: GregInHouston2 | last post by:

I am attempting to access the files on a share on a server in my network so I can list the files there on an intranet web page. At this point, the share permissions and the NTFS permissions are set so open that it scares me but my GetFiles() call still generates an "access denied" exception. I have even given "Everyone" read access to the share and read, read&execute, and list folder contents permision on NTFS. The Directory Security...

.NET Framework

9589

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

10219

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

10049

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

9998

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

8876

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

7413

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5310

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

5448

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

3567

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP