One way would be to use Windows authentication on your site instead of users
and passwords in a database. This is often not a viable solution. So, the
more appropriate way would then be to store the .exe file outside of the WWW
area in the file system on your server, and then stream the file back to the
authenticated user:
ASP files: D:\Inetpub\thesite
Path to the exe file: D:\Files\myfile.exe
<%
If Session("loggedin") Then ''or whatever you're using to check for
login
FPath = "D:\Files\myfile.exe"
Set adoStream = CreateObject("ADODB.Stream")
adoStream.Open()
adoStream.Type = 1
adoStream.LoadFromFile(FPath)
Response.BinaryWrite adoStream.Read()
adoStream.Close: Set adoStream = Nothing
Response.End
Else
Response.Redirect "/login.asp"
End If
%>
Adapted from
http://www.aspfaq.com/show.asp?id=2276
Ray at work
"Pete" <Pe**@discussions.microsoft.com> wrote in message
news:A6**********************************@microsof t.com...
I have an Access db with usernames and passwords set up on a web site.
Upon signing in to a password protected asp page which contains a link to an
exe file, the user clicks the link and the browser asks to either Open or Save
the file.
All this works fine, but if the user simply types the full path to the
file in the address bar, the browser again asks the user to either Open or Save
the file - thus bypassing the security.
Is there a way to prevent this "back door" method of accessing the file or
would I have to set up an FTP mechanism. If so, How would I go about this?
Many thanks.