I recently ran up against this issue and came up with a pretty good
solution.
Here is what I did-
Created an account with the same username and password as the logged in
users userID (stored in a session)
The host I go through has ASPuser installed, so I used this to impersonate a
login based on the users userID (stored in a session) and then streamed the
file to them if it authenticated. This way it is impossible to link directly
to a file unless your userID matches the current session.
Does this sound fairly fool proof??
"Bill" <no*****@fooemail.com> wrote in message
news:eW**************@TK2MSFTNGP09.phx.gbl...
Does ASP have a file whose function is similar to .htaccess on Apache? I'm
looking to protect subdirectory content.