File downloads

One way would be to use Windows authentication on your site instead of users
and passwords in a database. This is often not a viable solution. So, the
more appropriate way would then be to store the .exe file outside of the WWW
area in the file system on your server, and then stream the file back to the
authenticated user:

ASP files: D:\Inetpub\thesite
Path to the exe file: D:\Files\myfile.exe

<%
If Session("loggedin") Then ''or whatever you're using to check for
login
FPath = "D:\Files\myfile.exe"
Set adoStream = CreateObject("ADODB.Stream")
adoStream.Open()
adoStream.Type = 1
adoStream.LoadFromFile(FPath)
Response.BinaryWrite adoStream.Read()
adoStream.Close: Set adoStream = Nothing
Response.End
Else
Response.Redirect "/login.asp"
End If
%>

Adapted from http://www.aspfaq.com/show.asp?id=2276

Ray at work
"Pete" <Pe**@discussions.microsoft.com> wrote in message
news:A6**********************************@microsof t.com...

I have an Access db with usernames and passwords set up on a web site. Upon signing in to a password protected asp page which contains a link to an exe file, the user clicks the link and the browser asks to either Open or Save
the file.

All this works fine, but if the user simply types the full path to the file in the address bar, the browser again asks the user to either Open or Save
the file - thus bypassing the security.

Is there a way to prevent this "back door" method of accessing the file or
would I have to set up an FTP mechanism. If so, How would I go about this?

Many thanks.

You can try something like http://www.aspfaq.com/show.asp?id=2276

--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com

"Pete" <Pe**@discussions.microsoft.com> wrote in message
news:A6**********************************@microsof t.com...

I have an Access db with usernames and passwords set up on a web site. Upon
signing in to a password protected asp page which contains a link to an
exe
file, the user clicks the link and the browser asks to either Open or Save
the file.

All this works fine, but if the user simply types the full path to the
file
in the address bar, the browser again asks the user to either Open or Save
the file - thus bypassing the security.

Is there a way to prevent this "back door" method of accessing the file or
would I have to set up an FTP mechanism. If so, How would I go about this?

Many thanks.

...
1- You can make a Field in your Access Database in OLE object type .
And then insert files in database not in a path or folder .
of course it is not a method with good performance .
Authentication and Authorization will do from database .

2- Make a folder outside wwwroot and rename it to "uploads" then
copy all secured files in it . Now for addressing use this code
<a href='<% Server.MapPath("../uploads/yourfile1.zip") %>'>Link</a>
When user click on link must enter Username and Password that
made in Windows .
...

"Pete" wrote:

I have an Access db with usernames and passwords set up on a web site. Upon
signing in to a password protected asp page which contains a link to an exe
file, the user clicks the link and the browser asks to either Open or Save
the file.

All this works fine, but if the user simply types the full path to the file
in the address bar, the browser again asks the user to either Open or Save
the file - thus bypassing the security.

Is there a way to prevent this "back door" method of accessing the file or
would I have to set up an FTP mechanism. If so, How would I go about this?

Many thanks.