Hello All,
I have what I thought would be a simple problem although I've been searching
for a few hours with no luck.
I have several PDF and MPG files I would like to provide to users to
download via HTTP. I also have a database of user accounts. I would like to
protect the PDF and MPG files so that users cannot "save target as" or "view
source" to directly link to the files.
My first thought is that I would have to remove anonymous access to these
files and/or their parent folder within IIS. I was thinking that I could
then create a Windows account called something like WebUsers and give it
access to that folder. I'm hoping to write some ASP code that authenticates
my users against my own database and, if successful, logs them into IIS via
the WebUsers account (so that all my users share the same account).
My problem is I cannot find an code or method or object to do this. Is there
some simple function that I can use to pass a username, pw, and domain to
IIS to authenticate the user that would then carry through for them to be
able to download non-ASP (PDF, etc.) content?
Or, am I completely thinking about this the wrong way? It seems to me that
this is something that would be fairly common.
Thanks,
Brian
5  2651 
You can use an ADO Sttream object to do this: it reads the file from
its location and streams it to the user.
Tim.
"Brian Madden" <br***@brianmadden.com> wrote in message
news:%2***************@TK2MSFTNGP15.phx.gbl... Hello All,
I have what I thought would be a simple problem although I've been
searching for a few hours with no luck.
I have several PDF and MPG files I would like to provide to users to
download via HTTP. I also have a database of user accounts. I would
like to protect the PDF and MPG files so that users cannot "save
target as" or "view source" to directly link to the files.
My first thought is that I would have to remove anonymous access to
these files and/or their parent folder within IIS. I was thinking
that I could then create a Windows account called something like
WebUsers and give it access to that folder. I'm hoping to write some
ASP code that authenticates my users against my own database and, if
successful, logs them into IIS via the WebUsers account (so that all
my users share the same account).
My problem is I cannot find an code or method or object to do this.
Is there some simple function that I can use to pass a username, pw,
and domain to IIS to authenticate the user that would then carry
through for them to be able to download non-ASP (PDF, etc.) content?
Or, am I completely thinking about this the wrong way? It seems to
me that this is something that would be fairly common.
Thanks,
Brian
"Brian Madden" <br***@brianmadden.com> wrote in message
news:#v*************@TK2MSFTNGP15.phx.gbl... Hello All,
I have what I thought would be a simple problem although I've been
searching for a few hours with no luck.
I have several PDF and MPG files I would like to provide to users to
download via HTTP. I also have a database of user accounts. I would like
to protect the PDF and MPG files so that users cannot "save target as" or
"view source" to directly link to the files.
My first thought is that I would have to remove anonymous access to these
files and/or their parent folder within IIS. I was thinking that I could
then create a Windows account called something like WebUsers and give it
access to that folder. I'm hoping to write some ASP code that
authenticates my users against my own database and, if successful, logs them into IIS
via the WebUsers account (so that all my users share the same account).
My problem is I cannot find an code or method or object to do this. Is
there some simple function that I can use to pass a username, pw, and domain to
IIS to authenticate the user that would then carry through for them to be
able to download non-ASP (PDF, etc.) content?
Or, am I completely thinking about this the wrong way? It seems to me that
this is something that would be fairly common.
To add to what Tim said ...
Put the files outside of the wwwroot path so there is no direct URL access
to them. In your ASP code, authenticate your users from your database and
then as appropriate use ADODB.Stream to Response.BinaryWrite the contents of
the PDF.
Here's an example with jpg, just chnage the relevant bits for PDF: http://www.aspfaq.com/show.asp?id=2161
--
Tom Kaminski IIS MVP http://www.microsoft.com/windowsserv...y/centers/iis/ http://mvp.support.microsoft.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
Awesome guys, thanks a lot!
Do any of you have any experience with "Coldlink?" It's a product that does
dynamic URL rewriting that includes keys in the URL that are only valid for
5 minutes. (It works as an asapi filter.) In my case I want my solution to
be as "real" or "normal" as possible. I have people who will be downloading
large video files from a conference, so each file could be several hundred
megabytes.
Thanks again.. I'll be checking this stuff out today.
Brian
"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:e1*************@TK2MSFTNGP09.phx.gbl... "Brian Madden" <br***@brianmadden.com> wrote in message
news:#v*************@TK2MSFTNGP15.phx.gbl... Hello All,
I have what I thought would be a simple problem although I've been
searching for a few hours with no luck.
I have several PDF and MPG files I would like to provide to users to
download via HTTP. I also have a database of user accounts. I would like
to protect the PDF and MPG files so that users cannot "save target as" or
"view source" to directly link to the files.
My first thought is that I would have to remove anonymous access to these
files and/or their parent folder within IIS. I was thinking that I could
then create a Windows account called something like WebUsers and give it
access to that folder. I'm hoping to write some ASP code that
authenticates my users against my own database and, if successful, logs them into IIS
via the WebUsers account (so that all my users share the same account).
My problem is I cannot find an code or method or object to do this. Is
there some simple function that I can use to pass a username, pw, and domain to
IIS to authenticate the user that would then carry through for them to be
able to download non-ASP (PDF, etc.) content?
Or, am I completely thinking about this the wrong way? It seems to me
that
this is something that would be fairly common.
To add to what Tim said ...
Put the files outside of the wwwroot path so there is no direct URL access
to them. In your ASP code, authenticate your users from your database and
then as appropriate use ADODB.Stream to Response.BinaryWrite the contents
of
the PDF.
Here's an example with jpg, just chnage the relevant bits for PDF:
http://www.aspfaq.com/show.asp?id=2161
--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserv...y/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running
IIS
On Thu, 24 Feb 2005 22:37:39 -0500, "Brian Madden"
<br***@brianmadden.com> wrote: I have what I thought would be a simple problem although I've been searching
for a few hours with no luck.
I have several PDF and MPG files I would like to provide to users to
download via HTTP. I also have a database of user accounts. I would like to
protect the PDF and MPG files so that users cannot "save target as" or "view
source" to directly link to the files.
My first thought is that I would have to remove anonymous access to these
files and/or their parent folder within IIS. I was thinking that I could
then create a Windows account called something like WebUsers and give it
access to that folder. I'm hoping to write some ASP code that authenticates
my users against my own database and, if successful, logs them into IIS via
the WebUsers account (so that all my users share the same account).
My problem is I cannot find an code or method or object to do this. Is there
some simple function that I can use to pass a username, pw, and domain to
IIS to authenticate the user that would then carry through for them to be
able to download non-ASP (PDF, etc.) content?
Or, am I completely thinking about this the wrong way? It seems to me that
this is something that would be fairly common.
To add to the others, this is also futile. If you want me to view a
PDF or an MPG, it has to transfer to my system. Once there it's under
my control, not yours. I can saved it and send it on.
Of course, that only applies to the authorized users after you secure
the files, but you can't truly control content on the internet.
Jeff
Oh yeah, I totally hear what you're saying. Unless I get into the DRM for
the MPEGs, I realize that anyone can do anything with the files. I think
some people have the feeling that it's not "stealing" if they just link to
the file on my site, even if it's a deep link to a private area. So by
implementing the methods outlined here, at least people will be forced to
actively get around it (by downloading, saving, and linking) as opposed to
just an "innocent" link to the file on my site.
Thanks again everyone,
Brian
"Jeff Cochran" <je*********@zina.com> wrote in message
news:42****************@msnews.microsoft.com... On Thu, 24 Feb 2005 22:37:39 -0500, "Brian Madden"
<br***@brianmadden.com> wrote:
I have what I thought would be a simple problem although I've been
searching
for a few hours with no luck.
I have several PDF and MPG files I would like to provide to users to
download via HTTP. I also have a database of user accounts. I would like
to
protect the PDF and MPG files so that users cannot "save target as" or
"view
source" to directly link to the files.
My first thought is that I would have to remove anonymous access to these
files and/or their parent folder within IIS. I was thinking that I could
then create a Windows account called something like WebUsers and give it
access to that folder. I'm hoping to write some ASP code that
authenticates
my users against my own database and, if successful, logs them into IIS
via
the WebUsers account (so that all my users share the same account).
My problem is I cannot find an code or method or object to do this. Is
there
some simple function that I can use to pass a username, pw, and domain to
IIS to authenticate the user that would then carry through for them to be
able to download non-ASP (PDF, etc.) content?
Or, am I completely thinking about this the wrong way? It seems to me that
this is something that would be fairly common.
To add to the others, this is also futile. If you want me to view a
PDF or an MPG, it has to transfer to my system. Once there it's under
my control, not yours. I can saved it and send it on.
Of course, that only applies to the authorized users after you secure
the files, but you can't truly control content on the internet.
Jeff This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: siliconmike |
last post by:
Is there a way to protect data files from access by root ?
I have a data-centered website and would like to protect data piracy
from any foot-loose hosting company employee.
Any ideas?
...
|
by: Ray Stevens |
last post by:
How do you protect files (such as .PDF) in a hosted (Interland) environment
when you have no access to IIS?
|
by: Ronald S. Cook |
last post by:
In my ASP.NET 2.0 Web app, I want to make some files inaccessible to
unauthenticated users. Using Forms Authentication, this works fine for
..aspx pages, but not for regular old .htm pages. How...
|
by: itamtodd |
last post by:
How Do I License & Protect My Software?
I am in the process of developing a small program that I will be trying
to sell to different institutions. The program is written in VB and
uses an...
|
by: =?Utf-8?B?am9uaWdy?= |
last post by:
I wrote a simple VB.NET application that imports and edits CSV files.
Now I’d like to “lock” the raw (pre-import) CSV files so these cannot be
opened separately. It is not high-sensitive...
|
by: FAQ server |
last post by:
-----------------------------------------------------------------------
FAQ Topic - How do I protect my javascript code?
-----------------------------------------------------------------------
...
|
by: ManWithNoName |
last post by:
Hi guys.
Im still occupied with school, however, I cant quite help thinking about a part of my project that Im very curious about.
I want to protect files and folders on the web server, so...
|
by: =?Utf-8?B?TWlrZQ==?= |
last post by:
Hi. I have an ASP.NET 2.0 web application which contains an Images directory
with all website images. How can I prevent other websites from creating img
tags with the source as my images? I want...
|
by: logudotcom |
last post by:
How do I protect the pdf files from unauthorized users. I want to protect the pdf files from direct access.
The aim is to hide the name of the file either when mouse over and in the source of the...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
