473,466 Members | 1,445 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

Using NTFS security to protect files served via asp/iis

Folks:

I have some zip files I'd like to serve to authenticated users on my
site, but would like to prevent unauthorized users from using an
absolute path to get to these zip files. For example
http://blah.com/file.zip should not be accessible directly without
authenticating. However, my current authenticaion goes to an LDAP
server and I'd rather not prompt users for another username and
password.

The only way I can figure this is to create a local user account on
the server, then set it to have NTFS read permissions for file. The
tricky part is using asp to pass windows authentication information in
the background to the server. Once it's authenticated, the download
begins. If a user somehow figures the absolute path to ther file, he
should be prevented from downloading it.

Is this possible?

Help.

Roberto
Jul 19 '05 #1
2 1786
"travelling_nerd" <tr*************@yahoo.com> wrote in message
news:96*************************@posting.google.co m...
Folks:

I have some zip files I'd like to serve to authenticated users on my
site, but would like to prevent unauthorized users from using an
absolute path to get to these zip files. For example
http://blah.com/file.zip should not be accessible directly without
authenticating. However, my current authenticaion goes to an LDAP
server and I'd rather not prompt users for another username and
password.

The only way I can figure this is to create a local user account on
the server, then set it to have NTFS read permissions for file. The
tricky part is using asp to pass windows authentication information in
the background to the server. Once it's authenticated, the download
begins. If a user somehow figures the absolute path to ther file, he
should be prevented from downloading it.

Is this possible?


The whole NTFS part is simple. I'm not sure I understand why you want ASP
to be involved.

IIS 5 Documentation
http://www.microsoft.com/windows2000/en/server/iis/
Microsoft Internet Information Server
Administration
Server Administration
Security
Authentication
Access Control

IIS 6 Documentation
http://www.microsoft.com/technet/pro...entication.asp
HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000
http://support.microsoft.com/?id=310344
HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or
Windows NT 4.0
http://support.microsoft.com/?id=325358
HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
http://support.microsoft.com/default...b;en-us;324274

Make sure you disable simple file sharing in XP
http://support.microsoft.com/default...b;en-us;304040
--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserv...y/centers/iis/

Jul 19 '05 #2
"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message news:<c4**********@kcweb01.netnews.att.com>...
"travelling_nerd" <tr*************@yahoo.com> wrote in message
news:96*************************@posting.google.co m...
Folks:

I have some zip files I'd like to serve to authenticated users on my
site, but would like to prevent unauthorized users from using an
absolute path to get to these zip files. For example
http://blah.com/file.zip should not be accessible directly without
authenticating. However, my current authenticaion goes to an LDAP
server and I'd rather not prompt users for another username and
password.

The only way I can figure this is to create a local user account on
the server, then set it to have NTFS read permissions for file. The
tricky part is using asp to pass windows authentication information in
the background to the server. Once it's authenticated, the download
begins. If a user somehow figures the absolute path to ther file, he
should be prevented from downloading it.

Is this possible?


The whole NTFS part is simple. I'm not sure I understand why you want ASP
to be involved.


Sorry for the lack of clarity. What I want to do is authenticate, via
asp, access to a file that has specific ntfs permissions. For example.
A local user on the server is called "bob". I want only "bob" to
download the file, but I don't want the web browser to prompt him for
his username and pw. I want to hard code it in asp. Only bob will know
the url to the file.
Jul 19 '05 #3
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
NTFS rights not honored
by: Pål Andreassen | last post by:
Running Windows 2003 Server Framework 1.1 A site is configured to use integrated security (in IIS 6) Windows autentication and user impersonation in web.config <identity impersonate="true" />...
.NET Framework
7
What is the easiest way to query a remote XML file on someone elses Linux box using secure communication?
by: Dan V. | last post by:
Situation: I have to connect with my Windows 2000 server using VS.NET 2003 and C# and connect to a remote Linux server at another company's office and query their XML file. Their file may be...
.NET Framework
4
Executing a DTS Package using an ASP (VBScript)
by: chris.dunigan | last post by:
I'm looking for an example of how to execute an existing DTS­ package from an ASP (VB)script and would appreciate any and all response. ­I don't even know if it's possible Thanks - Chuck...
Microsoft SQL Server
3
Access 2003 security
by: sdupuis | last post by:
I have inherited some databases which were originally created with Access 2.0 and have gone the conversion route of '95, '97, 2000. I now need to convert them to work in Access 2003 and with XP. ...
Microsoft Access / VBA
2
Removing NTFS Folder Permissions On Win2000 In .NET Without using WMI
by: Ram | last post by:
Hey, I'v managed to find a way of adding NTFS permissions to a certain folder, But the problem is, the folder has a couple of inherited permissions which I want to delete. How can I remove the...
C# / C Sharp
7
Get access denied error when using DirectoryInfo.delete
by: Charts | last post by:
I login as administrator of the machine. However running the following code get access denied exception for file inside the directory. The source code: DirectoryInfo target = new...
C# / C Sharp
2
API Help please - How do I find the owner of a file or folder using
by: John Regan | last post by:
Hello All I am trying to find the owner of a file or folder on our network (Windows 2000 Server) using VB.Net and/or API. so I can search for Folders that don't follow our company's specified...
Visual Basic .NET
4
Removing NTFS Folder Permissions Using .NET
by: Ram | last post by:
Hey, I'v managed to find a way of adding NTFS permissions to a certain folder, But the problem is, the folder has a couple of inherited permissions which I want to delete. How can I remove the...
Visual Basic .NET
0
C#-WEB: access denied using GetFiles() on AD network share
by: GregInHouston2 | last post by:
I am attempting to access the files on a share on a server in my network so I can list the files there on an intranet web page. At this point, the share permissions and the NTFS permissions are...
.NET Framework
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us